That’s highly inaccurate, idk why that’s gotten so many upvotes.

Most malware use sketchy top level domains ex.) .xyz .makeup .me, etc not to mention most ransomware gangs compromise legitimate sites and host malware on them in order to bypass new domain creation and add that level of legitimacy.

One indicator for a ransomware gang which I think is actually this one was official government sites of Texas after they themselves were victim of ransomware.

Source: I work Incident Response

We switched out CarbonBlack for Crowdstrike and started implementing Crowdstrike AV to replace Symantec.

It’s been god awful, couldn’t really even trust when Symantec says it ate a file. Only positive thing was it caught a lot of infected USB drives being plugged in that other AVs didn’t even consider malicious