Malware · Bleeping Computer
8.5 CRITICAL

The Gentlemen ransomware now uses SystemBC for bot-powered attacks

📅 20 April 2026 at 20:02 UTC · 📰 Bleeping Computer

A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. [...]

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

The Gentlemen ransomware gang has expanded its attack toolkit by using SystemBC proxy malware for bot-powered attacks, compromising over 1,570 corporate victims worldwide.

⚙️ Technical Details
Affected Systems
Windows, Linux, NAS, BSD, ESXi hypervisors
Attack Vectors
Domain Controller with Domain Admin privileges; Cobalt Strike payloads via RPC; Mimikatz and remote execution
💥 Impact Assessment
Severity: critical
🛡️ Recommended Actions
1. Implement YARA rule-based detection to protect against Gentlemen ransomware attacks
2. Monitor for SystemBC proxy malware activity and block suspicious traffic
3. Conduct regular security audits to identify vulnerabilities in domain controllers and other critical systems
📦 Affected Products
Domain Controllers, Virtual Private Servers (VPS)

This is a curated summary. The complete article is available at Bleeping Computer.