Security News > 2020 > December > Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor
Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform.
Initially, ransomware groups that leverage SystemBC have been observed first infecting systems using spam or phishing emails.
From there, attackers then use SystemBC in order to scoop up passwords from victim systems - although in some cases, the SystemBC backdoor was only deployed to servers after attackers gained administrative credentials, and then used it to move deeper into the targeted network, researchers said.
Most of the C2 communications with the more recent versions of SystemBC are over a Tor connection: "The Tor communications element of SystemBC appears to be based on mini-Tor, an open-source library for lightweight connectivity to the Tor anonymized network," said Sophos reserchers.
SystemBC proves to be another useful tool for cybercriminals who have been launching increased levels of ransomware attacks.
News URL
https://threatpost.com/ryuk-egregor-ransomware-systembc-backdoor/162333/
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)