Report: Ransomware Command-and-Control Providers Unmasked by Halcyon Researchers
ID: ae5bc8e8-a7d5-567d-80a9-57ae045b05e0
STIX ID: report--ae5bc8e8-a7d5-567d-80a9-57ae045b05e0
Feed Name: Halcyon Blog
Halcyon Research details novel methods to identify Command-and-Control Providers (C2Ps) and presents evidence that Cloudzy is widely used to host RDP/VPS infrastructure for both nation-state APT operations and criminal ransomware affiliates. The report names two new affiliates (Ghost Clown and Space Kook, tied to BlackBasta and Royal), lists IoCs (SHA256 hashes, IPs, domains, and netblocks), and urges defenders to search for the identified RDP hostnames and indicators to detect or prevent imminent ransomware activity.
