Looking at the latest Ryuk activity today shows that an IP address 52[.]158[.]209[.]219 is consistently showing up and pushing the payloads associated with the Ransomware. The only question is why? With the vast resources at Microsoft it is making us wonder if they have the data needed to keep web users safe from attack. We know that many attackers utilize Azure and AWS and similar hosting providers because it's difficult if not impossible to block activity from these environ