GENTLEMEN RANSOMWARE NOW LEVERAGES SYSTEMBC BOTNET

Security researchers uncovered the connection while analyzing a Gentlemen ransomware attack attributed to a gang affiliate. SystemBC, a proxy malware used for command-and-control communications, enables attackers to mask their infrastructure and maintain persistent access to compromised networks. The identified botnet spans more than 1,570 hosts believed to be corporate victims. This integration represents an escalation in Gentlemen's operational capabilities, allowing the group to distribute malware more effectively and coordinate multi-stage attacks. SystemBC's role as a proxy service makes it particularly valuable for ransomware operations, as it obscures attacker infrastructure and complicates attribution efforts. The combination of Gentlemen's encryption capabilities with SystemBC's distribution network strengthens the threat actor's ability to penetrate enterprise environments and establish persistent footholds before deploying ransomware payloads. Organizations should prioritize detection of SystemBC indicators and monitor for suspicious proxy communications within their networks.