Security News > 2020 > December > Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor

Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor
2020-12-16 18:37

Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform.

Initially, ransomware groups that leverage SystemBC have been observed first infecting systems using spam or phishing emails.

From there, attackers then use SystemBC in order to scoop up passwords from victim systems - although in some cases, the SystemBC backdoor was only deployed to servers after attackers gained administrative credentials, and then used it to move deeper into the targeted network, researchers said.

Most of the C2 communications with the more recent versions of SystemBC are over a Tor connection: "The Tor communications element of SystemBC appears to be based on mini-Tor, an open-source library for lightweight connectivity to the Tor anonymized network," said Sophos reserchers.

SystemBC proves to be another useful tool for cybercriminals who have been launching increased levels of ransomware attacks.


News URL

https://threatpost.com/ryuk-egregor-ransomware-systembc-backdoor/162333/