SyncWave Blog
Cybersecurity 2 min read 77

The SystemBC trail: 1,570 victims exposed after ransomware attack

An investigation reveals a botnet linked to 'The Gentlemen' ransomware that uses SystemBC to infiltrate corporate systems.

cyber security network

The resurgence of SystemBC in ransomware operations

Global cybersecurity is facing a new threat. Recent investigations by Check Point have brought to light a command-and-control (C2) infrastructure linked to the ransomware group known as The Gentlemen. This group, which operates under the Ransomware-as-a-Service (RaaS) model, has been detected using the SystemBC proxy malware to solidify its presence in compromised networks.

The findings are alarming: the C2 server analyzed has allowed for the identification of more than 1,570 victims globally. This figure highlights the ability of threat actors to scale their operations through the use of sophisticated persistence tools.

How does this botnet operate?

The primary technique of SystemBC consists of establishing SOCKS5 network tunnels. This allows attackers to maintain a persistent and encrypted connection with infected systems, facilitating lateral movement within the victim's infrastructure before deploying the final encryption payload.

"SystemBC establishes SOCKS5 network tunnels that allow attackers to evade conventional security measures and maintain control over compromised assets for extended periods."

The importance of cybersecurity hygiene

This incident is a reminder that any unpatched vulnerability can become the gateway for a massive hack. Proactive patch management is the first line of defense against these types of incursions. If you would like to delve deeper into how security agencies manage these risks, you can consult our guide on CISA warns of new vulnerability: critical deadlines for patches.

Conclusion: What should organizations do?

To protect themselves against the tactics employed by The Gentlemen and their proxy tools, companies must:

  1. Monitor network traffic: Identify unusual connections to known C2 servers.
  2. Constant updates: Implement security patches immediately on all exposed systems.
  3. Network segmentation: Limit lateral movement, making it difficult for the malware to spread if a computer is infected.

Constant vigilance remains the most effective tool against a rapidly evolving threat landscape.

Share:

Comments

Loading comments...

Contact

Want to get in touch?

Questions, suggestions or proposals — write to us and we will respond.