Recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads for further exploitation. Affiliates are typically threat actors responsible for gaining an initial foothold in a target network. The rise of commodity malware also points to a new trend where ransomware is offered as a service to affiliates, like it’s in the case of MountLocker, where the operators provide double extortion capabilities to affiliates so as to distribute the ransomware with minimal effort.
Source: https://thehackernews.com/2020/12/ransomware-attackers-using-systembc.html