Detecting High-Impact Targeted Cloud/MSP $14M+ Ryuk and REvil Ransomware Attacks

The Securonix Threat Research Team has been actively investigating the details of recent, critical targeted ransomware attacks against healthcare and data center cloud and managed service providers (MSPs) reported over the past couple of weeks. These attacks have impacted over 116 cloud and MSP customer companies, with attackers demanding more than US$14M in ransom payments.

Here are some of the key technical details of these attacks and our recommendations for Securonix predictive indicators and security analytics that can be used to detect current, and potentially future, attack variants.