Ransomware gangs automate payload delivery with SystemBC malware
2020-12-16 09:00

SystemBC, a commodity malware sold on underground marketplaces, is being used by ransomware-as-a-service operations to hide malicious traffic and automate ransomware payload delivery on the networks of compromised victims.

According to information collected by Sophos researchers while investigating recent Ryuk and Egregor ransomware attacks, SystemBC has been deployed in all of these attacks in recent months.

"We are increasingly seeing ransomware operators outsource the deployment of ransomware to affiliates using commodity malware and attack tools," said Sophos security researcher Sean Gallagher in a report shared in advance with BleepingComputer.

"SystemBC is a regular part of recent ransomware attackers' toolkits - Sophos has detected hundreds of attempted SystemBC deployments worldwide over the last few months."

Even though some Windows anti-malware tools detect and block SystemBC deployment attempts, ransomware gangs are still able to drop it on their targets' networks by using legitimate credentials stolen in the initial stages of their attacks or by taking advantage of less capable antivirus solutions.


News URL

https://www.bleepingcomputer.com/news/security/ransomware-gangs-automate-payload-delivery-with-systembc-malware/