Tech Talk: Two Faces of The Same Coin - FIN7 and DarkSide
18 Oct 2022
Level 1 | Exhibition Hall, Sands Expo and Convention Centre
In August 2021, a person established contact with Gemini's intelligence analysts in Ukraine, claiming to have been recruited by a ransomware syndicate and looking for an opportunity to share valuable information with the intelligence community. During several follow-up discussions, the actor confirmed their identity and provided an extensive archive of screenshots, data files, and general details of their engagement with this ransomware operation. Further analysis revealed that the provided artifacts belonged to the notorious FIN7 gang, which ran a large-scale IT recruitment operation by leveraging a fake and previously unknown cybersecurity company named Bastion Secure. As a result of the individual's two-month-long engagement, our analysts gained an unprecedented view into the operations of FIN7. We'll also document the gang's pivot away from its characteristic attacks on Western point-of-sale networks and towards ransomware operations, culminating in evidence linking FIN7 to the DarkSide/BlackMatter ransomware groups.