Around June 24 2022, out of over 4.7 million hosts Censys observed in Russia, Censys discovered two Russian hosts containing an exploitation tool, Metasploit, and Command and Control (C2) tool, Deimos C2. Historical analysis indicated one of these Russian hosts also used the tool PoshC2. These tools allow penetration testers and hackers to gain access to and manage target hosts. Listen in as Matt Lembright, Director of Federal Applications at Censys uncovered something interesting — not an active ransomware attack, but a cache of tools ready to be used by threat actors to carry out ransomware attacks.