The SystemBC trail: 1,570 victims exposed after ransomware attack
An investigation reveals a botnet linked to 'The Gentlemen' ransomware that uses SystemBC to infiltrate corporate systems.

The resurgence of SystemBC in ransomware operations
Global cybersecurity is facing a new threat. Recent investigations by Check Point have brought to light a command-and-control (C2) infrastructure linked to the ransomware group known as The Gentlemen. This group, which operates under the Ransomware-as-a-Service (RaaS) model, has been detected using the SystemBC proxy malware to solidify its presence in compromised networks.
The findings are alarming: the C2 server analyzed has allowed for the identification of more than 1,570 victims globally. This figure highlights the ability of threat actors to scale their operations through the use of sophisticated persistence tools.
How does this botnet operate?
The primary technique of SystemBC consists of establishing SOCKS5 network tunnels. This allows attackers to maintain a persistent and encrypted connection with infected systems, facilitating lateral movement within the victim's infrastructure before deploying the final encryption payload.
"SystemBC establishes SOCKS5 network tunnels that allow attackers to evade conventional security measures and maintain control over compromised assets for extended periods."
The importance of cybersecurity hygiene
This incident is a reminder that any unpatched vulnerability can become the gateway for a massive hack. Proactive patch management is the first line of defense against these types of incursions. If you would like to delve deeper into how security agencies manage these risks, you can consult our guide on CISA warns of new vulnerability: critical deadlines for patches.
Conclusion: What should organizations do?
To protect themselves against the tactics employed by The Gentlemen and their proxy tools, companies must:
- Monitor network traffic: Identify unusual connections to known C2 servers.
- Constant updates: Implement security patches immediately on all exposed systems.
- Network segmentation: Limit lateral movement, making it difficult for the malware to spread if a computer is infected.
Constant vigilance remains the most effective tool against a rapidly evolving threat landscape.
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...