SystemBC malware used by ransomware gangs to automate payload delivery

SystemBC was first discovered in 2018 and was previously used in several campaigns in 2019 as a virtual private network, allowing ransomware gangs to deploy persistent backdoor on the targeted systems, and making payload staging and delivery easier. According to data gathered by Sophos researchers, SystemBC was deployed in both Ryuk and Egregor ransomware attacks and is seemingly becoming a regular part of ransomware attackers' toolkits. SystemBC is commonly used together with Cobalt Strike after gaining the access to victims' networks. Read more...