New Report: Ransomware Command-and-Control Providers Unmasked by Halcyon Researchers
Halcyon, the world's first Cyber Resilience platform, today published new research that details novel techniques used to unmask a major Ransomware Economy player assessed to be facilitating ransomware attacks and state-sponsored APT operations: Command-and-Control Providers (C2P), which sell services to threat actors while maintaining a legal business profile.
In this report, titled Cloudzy with a Chance of Ransomware: Unmasking Command-and-Control Providers (C2Ps), Halcyon demonstrates a unique technique for identifying C2P entities that can be used to forecast the precursors to major ransomware campaigns and other advanced attacks significantly "left of boom." Halcyon also identifies two new, previously undisclosed ransomware affiliates Halcyon tracks as Ghost Clown and Space Kook that currently deploy BlackBasta and Royal, respectively. Halcyon's research and engineering team used the same method to link the two ransomware affiliates to the same Internet Service Provider, Cloudzy, which accepts cryptocurrencies in exchange for anonymous use of its Remote Desktop Protocol (RDP) Virtual Private Server (VPS) services.
While these C2P entities are ostensibly legitimate businesses that may or may not know their platforms are being abused for attack campaigns, they nonetheless provide a key component of the larger attack apparatus leveraged by some of the most advanced threat actors.
"This report is only a slice of a very large pie," said Jon Miller, CEO & Co-founder, Halcyon. "It uncovers a pattern of what appears to be consistent use or abuse of servers provided by internet service provider Cloudzy by more than two dozen different threat actors. At Halcyon, we are committed to defeating ransomware, which includes identifying new threats and techniques used to facilitate ransomware attacks and state-sponsored APT operations."
Key Findings:
The full report can be downloaded here: Cloudzy with a Chance of Ransomware: Unmasking Command-and-Control Providers (C2Ps).
About Halcyon
Halcyon is the world's first cyber resilience platform designed from day one to defeat ransomware. Global 2000 companies rely on Halcyon to augment existing XDR/EDR platforms and undo attacks in minutes with bypass and evasion protection, key capture and automated decryption, and exfiltration and extortion prevention. For more information, visit https://www.halcyon.ai/.
