"Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks"

Sophos researchers have reported the use of a backdoor named SystemBC by multiple ransomware families, including Ryuk and Egregor. The continuously evolving backdoor executes commands and enables adversaries to download and run scripts, executables, and DLLs. The researchers have observed SystemBC being used in hundreds of attacks in combination with Cobalt Strike and other post-exploitation tools. This article continues to discuss the observations made by researchers surrounding the capabilities and impact of the SystemBC backdoor, as well as why this is an attractive tool for attackers in the performance of ransomware attacks. 

Security Week reports "Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks"