minute read
Share this article:
In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks.
Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform. These overarching changes make it both easier for cybercriminals to deploy the backdoor, as well as cloak the destination of the command-and-control (C2) traffic.
SystemBC, a proxy and remote administrative tool, was first discovered in 2019. Researchers believe it is being used by ransomware-as-a-service affiliates due to it being associated with multiple types of ransomware that are deployed in the same way. Once it’s executed, the backdoor is used by ransomware actors to set up a persistent connection on victim systems.