SystemBC C2 exposed 1,570+ victims tied to The Gentlemen since July 2025, revealing expanding ransomware scale.
Category: cybercrime/malcode
Former ransomware negotiator pleads guilty to BlackCat attacks
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.
Together with two other Sygnia and DigitalMint ransomware negotiators (33-year-old Ryan Clifford Goldberg and 28-year-old Kevin Tyler Martin), Martino was charged with conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce by extortion, and intentional damage to protected computers.
Martino was initially identified only as “Co-Conspirator 1” in an October 2025 indictment, but was named in court documents unsealed in March. Martin and Goldberg also pleaded guilty to conspiracy to obstruct commerce by extortion and are facing up to 20 years in prison each.
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate.
The Gentlemen ransomware-as-a-service (RaaS) operation emerged around mid-2025 and provides a Go-based locker that can encrypt Windows, Linux, NAS, and BSD systems, and a C-based locker for ESXi hypervisors.
Last December, it compromised one of Romania’s largest energy providers, the Oltenia Energy Complex. Earlier this month, The Adaptavist Group disclosed a breach that Gentlemen ransomware listed on its data leak site.
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers.
This exploit is for a local privilege escalation (LPE) flaw that grants SYSTEM privileges in Windows 10, Windows 11, and Windows Server on the latest April Patch Tuesday patches, when Windows Defender is enabled.
“When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that’s supposed to protect decides that it is a good idea to just rewrite the file it found again to it’s original location,” explains the researcher.
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest.
Tom Gallagher, Vice President of Engineering at Microsoft Security Response Center (MSRC), said that over 80 flaws found during the live event at Microsoft’s Redmond campus were high-impact cloud and AI security vulnerabilities.
“During the 2026 live hacking event, Microsoft partnered with the global security research community, representing more than 20 countries and a wide range of professional backgrounds, from high school students to college professors,” Gallagher said.