A hacker who helped steal over 20 million credit card records from 6,500 credit card terminals in businesses will spend the next ten years in prison. Denys Iarmak was part of the FIN7 hacking group. According to the feds, the group stole over $1 billion from victims.
According to court documents, Denys Iarmak, 32, served as a high-level hacker, whom the group referred to as a “pen tester,” for FIN7. He was arrested in Bangkok, Thailand, in November 2019 at the request of U.S. law enforcement. I\
Companies that have publicly disclosed hacks attributable to FIN7 include such chains as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli.
“Iarmak and his conspirators compromised millions of financial accounts, causing over a billion dollars in losses to Americans and costs to America’s economy,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “Protecting businesses – both large and small – online is a top priority for the Department of Justice. We are committed to working with our international partners to hold such cybercriminals accountable, no matter where they live or how anonymous they think they are.”
FIN7 used sophisticated malware to attack hundreds of US companies. According to the government, “To execute its scheme, FIN7 carefully crafted email messages that would appear legitimate to a business’ employees and accompanied emails with telephone calls intended to further legitimize the emails. Once a file attached to a fraudulent email was opened and activated, FIN7 would use an adapted version of the Carbanak malware, in addition to an arsenal of other tools, to access and steal payment card data for the business’s customers. Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces.”