Security News > 2020 > December > Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor
Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform.
Initially, ransomware groups that leverage SystemBC have been observed first infecting systems using spam or phishing emails.
From there, attackers then use SystemBC in order to scoop up passwords from victim systems - although in some cases, the SystemBC backdoor was only deployed to servers after attackers gained administrative credentials, and then used it to move deeper into the targeted network, researchers said.
Most of the C2 communications with the more recent versions of SystemBC are over a Tor connection: "The Tor communications element of SystemBC appears to be based on mini-Tor, an open-source library for lightweight connectivity to the Tor anonymized network," said Sophos reserchers.
SystemBC proves to be another useful tool for cybercriminals who have been launching increased levels of ransomware attacks.
News URL
https://threatpost.com/ryuk-egregor-ransomware-systembc-backdoor/162333/
Related news
- French govt contractor Atos denies Space Bears ransomware attack claims (source)
- Casio says data of 8,500 people exposed in October ransomware attack (source)
- Preventing the next ransomware attack with help from AI (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)
- Medusa ransomware group claims attack on UK's Gateshead Council (source)
- Ransomware attack forces Brit high school to shut doors (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)