article featured image


A financial-motivated threat organization that has been active since 2013, FIN7 has targeted the retail, restaurant, and hospitality industries in the United States, often deploying point-of-sale malware to achieve its objectives.

Combi Security, a front firm for FIN7, was used to administer a component of the organization.

The FIN7 group has changed its approach to operation since 2020, adopting a large game hunting strategy that includes the use of ransomware such as REvil and their own Ransomware as a Service (RaaS), Darkside.

Although FIN7 seems to be associated with the Carbanak Group, it appears that there are many organizations that use Carbanak malware and are thus followed individually.

When FIN7 was recruiting new members, they pretended to be a legal firm, which was believable as they used genuine project management software (such as Atlassian JIRA) to coordinate their destructive operations and handle network intrusions.

What Happened?

Denys Iarmak, a Ukrainian member and “pen tester” for the FIN7 financially-motivated hacking group, was sentenced to five years in prison for breaching victims’ networks and stealing credit card information between November 2016 and November 2018. He was convicted of breaching victims’ networks and stealing credit card information for approximately two years, between November 2016 and November 2018.

As BleepingComputer reported, it was in May 2020 that the culprit was extradited to the United States after being apprehended in Bangkok, Thailand, in November 2019.

In November 2021, Iarmak entered a guilty plea to various charges of conspiracy to conduct wire fraud and conspiracy to commit computer hacking.

By entering these pleas of guilty, Defendant hereby waives all objections to the form of the charging document. Defendant further understands that before entering his guilty pleas, he will be placed under oath. Any statement given by Defendant under oath may be used by the United States in a prosecution for perjury or false statement.


Following their arrests in 2018, Iarmak becomes the third FIN7 member to be sentenced in the United States, following Fedir Hladyr (a high-level manager) who was sentenced to ten years in prison on April 16, 2021, and Andrii Kolpakov (another “pen tester”) who was sentenced to seven years on June 24, 2021.

It is alleged that he and his cybercrime collaborators caused more than a billion dollars in damages to American citizens after compromising millions of bank accounts and the computer networks of hundreds of companies around the country.

Iarmak and his conspirators compromised millions of financial accounts, causing over a billion dollars in losses to Americans and costs to America’s economy. Protecting businesses – both large and small – online is a top priority for the Department of Justice. We are committed to working with our international partners to hold such cybercriminals accountable, no matter where they live or how anonymous they think they are.

Mr. Iarmak was directly involved in designing phishing emails embedded with malware, intruding on victim networks, and extracting data such as payment card information. To make matters worse, he continued his work with the FIN7 criminal enterprise even after the arrests and prosecution of co-conspirators. He and others in this cybercrime group used hacking techniques to essentially rob thousands of locations of multiple restaurant chains at once, from the comfort and safety of their keyboards in distant countries.

This cyber-criminal probed and mapped victims’ networks searching for data to exploit. Masquerading as a legitimate business, the hacking group he belonged to recruited other members to assist with their criminal activities. Thanks to the hard work of law enforcement, this defendant, who is responsible for an enormous loss amount, will be spending the next few years in prison.


If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo