Silent Ransom Group Went Fast Flux. The Detection Trips Over Akamai Before It Finds the Botnet
SRG moved its extortion infrastructure onto DNS fast flux. Building the detection is easy; the hard part is that a naive low-TTL-plus-many-IPs rule lights up every CDN in your environment before it ever surfaces the botnet.
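
The false-positive problem described above, as an added example that is not code from this page or its author: the naive low-TTL-plus-many-IPs rule run over constructed passive-DNS rows, next to a variant that also requires the answers to span several ASNs. The domains, IPs, ASNs, thresholds and the ASN-diversity check itself are assumptions of this example.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (qname, answer IP, TTL seconds, origin ASN).
# Domains, documentation-range IPs and private-use ASNs are all made up.
OBSERVATIONS = [
    # CDN-like: short TTL, many IPs, all inside one operator's ASN
    *[("static.cdn-example.net", f"192.0.2.{i}", 20, 64512) for i in range(1, 9)],
    # Flux-like: short TTL, many IPs, scattered across unrelated networks
    *[("portal.flux-example.org", f"198.51.100.{i}", 60, 64600 + i) for i in range(1, 9)],
    # Ordinary site: long TTL, two IPs
    ("www.corp-example.com", "203.0.113.10", 3600, 64700),
    ("www.corp-example.com", "203.0.113.11", 3600, 64700),
]

def summarize(observations):
    """Collapse per-answer rows into per-domain features."""
    acc = defaultdict(lambda: {"ips": set(), "asns": set(), "min_ttl": None})
    for qname, ip, ttl, asn in observations:
        d = acc[qname]
        d["ips"].add(ip)
        d["asns"].add(asn)
        d["min_ttl"] = ttl if d["min_ttl"] is None else min(d["min_ttl"], ttl)
    return acc

def naive_rule(observations, max_ttl=300, min_ips=5):
    """Low TTL plus many distinct IPs: the rule the text calls naive."""
    return sorted(q for q, d in summarize(observations).items()
                  if d["min_ttl"] <= max_ttl and len(d["ips"]) >= min_ips)

def asn_aware_rule(observations, max_ttl=300, min_ips=5, min_asns=4):
    """Naive rule plus a minimum count of distinct origin ASNs (assumed refinement)."""
    return sorted(q for q, d in summarize(observations).items()
                  if d["min_ttl"] <= max_ttl and len(d["ips"]) >= min_ips
                  and len(d["asns"]) >= min_asns)

if __name__ == "__main__":
    print("naive:    ", naive_rule(OBSERVATIONS))      # flags the CDN-like name too
    print("asn-aware:", asn_aware_rule(OBSERVATIONS))  # only the flux-like name
```

A CDN that places edge nodes inside many networks can still exceed the ASN threshold, so treat ASN diversity as one feature to combine with others, not a complete filter.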