
🎯 Basically, a group of hackers used malware called SystemBC to attack over 1,570 victims.
What Happened
Threat actors linked to The Gentlemen ransomware-as-a-service (RaaS) operation have been deploying a known proxy malware called SystemBC. Recent research by Check Point into the command-and-control (C2) server associated with SystemBC uncovered a botnet comprising over 1,570 victims. This malware establishes SOCKS5 network tunnels within the victim's environment, connecting to its C2 server using a custom RC4-encrypted protocol.
Who's Being Targeted
The Gentlemen RaaS has quickly become one of the most prolific ransomware groups, claiming over 320 victims on its data leak site. The C2 server linked to SystemBC has commandeered victims across various countries, including the U.S., U.K., Germany, Australia, and Romania. The operation primarily targets corporate networks, showcasing a wide geographical reach.
Signs of Infection
Indicators of a SystemBC infection include:
- Unusual network traffic
- Compromised corporate networks
- Evidence of lateral
How It Works
The Gentlemen employ a classic double-extortion model, utilizing sophisticated tactics to infiltrate systems. They gain initial access by exploiting vulnerabilities in internet-facing services or by using compromised credentials. Once inside, they engage in discovery, lateral movement, and payload staging, deploying tools like Cobalt Strike and SystemBC before executing ransomware.
Defensive Measures
Organizations should take the following steps to protect against this threat:
Detection
- 1. Regularly update and patch vulnerabilities in internet-facing services.
- 2. Monitor for unusual network traffic and connections to unfamiliar proxies.
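One way to act on the monitoring advice above, as an added example that is not from the article or from Check Point's research: a flow-log check that flags internal hosts holding a long-lived session to an unapproved external address while also contacting several internal peers. The flow format, addresses, ports, internal range, allowlist and thresholds are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records (not from the article): ts,src,dst,dport,duration_s
SAMPLE_FLOWS = """\
1000,10.0.5.23,203.0.113.50,4001,14400
1010,10.0.5.23,10.0.5.40,445,3
1012,10.0.5.23,10.0.5.41,445,2
1015,10.0.5.23,10.0.5.42,3389,5
1020,10.0.5.23,10.0.5.43,445,2
1100,10.0.7.8,198.51.100.10,3128,7200
1200,10.0.9.9,203.0.113.77,443,12
1300,10.0.9.9,10.0.5.40,445,4
"""

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address space
APPROVED_EGRESS = {"198.51.100.10"}      # assumed sanctioned corporate proxy
MIN_TUNNEL_SECONDS = 3600                # assumed cut-off for a long-lived session
MIN_INTERNAL_FANOUT = 3                  # assumed cut-off for distinct internal peers


def find_suspect_proxies(flow_csv):
    """Return {host: {"tunnels": [...], "fanout": n}} for internal hosts that hold
    a long-lived session to an unapproved external address and also contact many
    internal peers, the shape a tunnelled proxy tends to leave in flow data."""
    tunnels = defaultdict(list)
    internal_peers = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        _ts, src, dst, dport, duration = row
        if ip_address(src) not in INTERNAL_NET:
            continue  # only flows initiated from inside are of interest
        if ip_address(dst) in INTERNAL_NET:
            internal_peers[src].add(dst)
        elif dst not in APPROVED_EGRESS and int(duration) >= MIN_TUNNEL_SECONDS:
            tunnels[src].append((dst, int(dport), int(duration)))
    return {
        host: {"tunnels": sessions, "fanout": len(internal_peers[host])}
        for host, sessions in tunnels.items()
        if len(internal_peers[host]) >= MIN_INTERNAL_FANOUT
    }
```

Because the C2 channel is RC4-encrypted, this check relies on flow metadata rather than payload inspection; tune the thresholds against a baseline of your own traffic before alerting on them.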
Removal
Conclusion
The findings underscore the evolving landscape of ransomware, with groups like The Gentlemen demonstrating advanced capabilities and a willingness to adapt their tactics. As ransomware operations continue to mature into disciplined criminal enterprises, organizations must remain vigilant and proactive in their cybersecurity strategies.
🔒 Pro insight: The rapid growth of The Gentlemen RaaS indicates a significant shift in ransomware tactics, emphasizing the need for adaptive defensive strategies.




