Ryuk being pushed from Azure... The question is why?


The latest Ryuk activity today shows that one IP address, 52[.]158[.]209[.]219, is consistently showing up and pushing the payloads associated with the ransomware. The only question is why?

Given the vast resources at Microsoft, this makes us wonder whether they have the data needed to keep web users safe from attack. We know that many attackers use Azure, AWS and similar hosting providers because it is difficult, if not impossible, to block activity from these environments without also blocking legitimate traffic.

We highly recommend blocking 52[.]158[.]209[.]219 to protect your clients from infection until such time as Microsoft gets with the program.

Additional information can be found in the Jigsaw Security threat intelligence platform available to Jigsaw customers under event ID 23368.
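
Blocking the address stops new connections, but it does not show which hosts already reached it. The following added example (not from the original post or the Jigsaw platform) refangs the published indicator and lists internal hosts that contacted it, comparing whole addresses so that look-alike addresses are not flagged. The log format, field names and sample lines are constructed assumptions.

```python
import ipaddress
import re

# Indicator exactly as published in the post (defanged form).
DEFANGED_IOC = "52[.]158[.]209[.]219"

# Constructed sample lines in an assumed format:
#   <timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>
SAMPLE_LOG = """\
2000-01-01T09:00:01Z src=10.0.0.15 dst=52.158.209.219 dport=443 action=allow
2000-01-01T09:00:07Z src=10.0.0.22 dst=152.158.209.219 dport=443 action=allow
2000-01-01T09:02:30Z src=10.0.0.15 dst=52.158.209.219 dport=80 action=allow
2000-01-01T09:05:00Z src=10.0.0.31 dst=52.158.209.21 dport=443 action=allow
2000-01-01T09:06:12Z src=10.0.0.40 dst=52.158.209.219 dport=443 action=deny
not a log line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

def refang(indicator):
    """Convert a defanged IPv4 indicator into an ip_address object."""
    return ipaddress.ip_address(indicator.replace("[.]", "."))

def hosts_contacting(log_text, indicator):
    """Map each source host to first/last contact and allow/deny counts.

    Assumes the log is in chronological order. Addresses are compared as
    parsed values, so substring look-alikes (152.158.209.219, 52.158.209.21)
    do not match.
    """
    target = refang(indicator)
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        try:
            if ipaddress.ip_address(m["dst"]) != target:
                continue
        except ValueError:
            continue  # destination field is not a valid IP address
        rec = hits.setdefault(
            m["src"], {"first": m["ts"], "last": m["ts"], "allowed": 0, "denied": 0}
        )
        rec["last"] = m["ts"]
        rec["allowed" if m["action"] == "allow" else "denied"] += 1
    return hits

if __name__ == "__main__":
    for src, rec in sorted(hosts_contacting(SAMPLE_LOG, DEFANGED_IOC).items()):
        print(src, rec)
```

Hosts with a non-zero `allowed` count reached the address before any block was in place and are the ones to triage first.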

#Malware #Ransomware #Ryuk


© 2017-2018 Jigsaw Security Enterprise Inc.
