According to a report issued today, eight networks connect directly to the botnet-hosting ISP Troyak and four other upstream providers that surround the malicious core, help to mask the true malware-hosted armada and provide solid uptime to the malware servers for ZeuS botnets, Gozi, and RockPhish among others. The relentless rise in COVID-19 cases is battering already frayed healthcare systems and ransomware criminals are using the opportunity to strike.
Source: https://threatpost.com/mapping-criminal-isp-infrastructure-031710/73703/