{"Event": {"info": "OSINT - RYUK Ransomware Hits MSP-Centric Cloud Service Provider", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"Ryuk\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Ryuk ransomware\""}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "publish_timestamp": "0", "timestamp": "1557740282", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5cd9322c-b0cc-4358-92c4-4134950d210f", "sharing_group_id": "0", "timestamp": "1557738028", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "5", "Attribute": [{"comment": "", "category": "Other", "uuid": "5cd9322d-7804-4b38-a70f-42e8950d210f", "timestamp": "1557738029", "to_ids": false, "value": "Another #RYUK #Ransomware attack hits cloud services provider, impacting some #MSPs. Full recovery expected. 
Details from MSSP Alert", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cd9322d-0a84-49d3-9401-4a53950d210f", "timestamp": "1557738029", "to_ids": false, "value": "Twitter", "disable_correlation": true, "object_relation": "type", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5cd9322d-f484-4bd0-87fc-4fa1950d210f", "timestamp": "1557738029", "to_ids": true, "value": "https://twitter.com/msspalert/status/1126974706979094528", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "External analysis", "uuid": "5cd9322d-8cb8-49d4-b4c3-47fc950d210f", "timestamp": "1557738058", "to_ids": true, "value": "https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/ryuk-ransomware-hits-msp-centric-csp/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": "link", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5cd9322d-816c-407b-b728-47aa950d210f", "timestamp": "1557738029", "to_ids": false, "value": "10 May 2019 3:18 PM", "disable_correlation": false, "object_relation": "creation-date", "type": "datetime"}, {"comment": "", "category": "Other", "uuid": "5cd9322d-4b4c-4090-a33c-4b97950d210f", "timestamp": "1557738029", "to_ids": false, "value": "msspalert", "disable_correlation": false, "object_relation": "username", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "microblog"}], "analysis": "0", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5cd932f0-ce10-4361-956b-4aed950d210f", "timestamp": "1557738240", "to_ids": false, "value": "RYUK Ransomware has hit a cloud service provider (CSP) that works closely with MSPs. The twist: The limited attack hit a data center system that the CSP acquired through M&A. 
The situation appears under control, no ransom was paid and the CSP has nearly completed the data restore as of about 4:00 p.m. ET on Friday, May 10, MSSP Alert has learned.\r\n\r\nFor MSPs and CSPs considering mergers and acquisitions, the attack offers a timely cyber due diligence reminder: Carefully study the security standards and best practices of the asset you are acquiring. In this particular case, the CSP was in the process of decommissioning the acquired data center when the attack occurred this week.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "text"}], "extends_uuid": "", "published": false, "date": "2019-05-10", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5cd9305f-607c-49a4-a3ed-4f67950d210f"}}