New Report: Ransomware Command-and-Control Providers Unmasked by Halcyon Researchers
In this report, titled Cloudzy with a Chance of Ransomware: Unmasking Command-and-Control Providers (C2Ps), Halcyon demonstrates a unique technique for identifying C2P entities that can be used to forecast the precursors to major ransomware campaigns and other advanced attacks significantly “left of boom.” Halcyon also identifies two new, previously undisclosed ransomware affiliates Halcyon tracks as Ghost Clown and Space Kook that currently deploy BlackBasta and Royal, respectively.
- “This report is only a slice of a very large pie,” said Jon Miller, CEO & Co-founder, Halcyon.
- Halcyon identifies that Cloudzy, which accepts cryptocurrencies in exchange for anonymous use of its Remote Desktop Protocol (RDP) Virtual Private Server (VPS) services, appears to be the common service provider supporting ransomware attacks and other cybercriminal endeavors.
- Halcyon identified two previously unknown ransomware affiliates dubbed Ghost Clown and Space Kook currently deploying BlackBasta and Royal ransomware strains, respectively.