Ransomware Hits CSP: Attack Details
The target was CloudJumper, a workspace as a service (WaaS) provider that partners closely with MSPs. The attack impacted less than one percent of CloudJumper's partners. But in a phone conversation and email exchange with MSSP Alert, company executives emphasized their ongoing commitment to those impacted partners.

CloudJumper recently discovered a virus-based strain of ransomware as it was in the process of impacting one of our legacy multi-tenant environments. This environment was obtained in an acquisition and CloudJumper has been actively migrating these customers to our standardized platforms.
The name of the virus that hit CloudJumper was RYUK, which according to sources was rewritten and re-released in March of 2019. It had initially hit in December of 2018, when it impacted a number of American newspapers and extorted over 600,000 bitcoins.
Upon learning of the incident, CloudJumper immediately took efforts to address the disruption. We continue to work diligently to restore impacted systems as quickly as possible. While our investigation remains ongoing, our immediate focus is on supporting impacted clients and restoring functionality.
At this time, we have no knowledge and no indication that client data has been accessed or acquired. Further, we do not believe any such access or acquisition has or will occur for the following reasons:
- This was a fast-moving programmatic virus-based ransomware and not a data theft tool.
- There were no outbound data spikes to indicate a transfer of data.
- We caught and halted the infection in the process of spreading and as a precaution isolated all systems from the public internet almost immediately.
- We understand the vector of attack the program used.
- We believe we have identified the origination point.
- That said, we are coordinating a third-party forensic investigation and will promptly let clients know if we learn of anything to the contrary.
Additional details:
- This impacted less than 1% of our partner base.
- This type of ransomware would not have been successful in a CloudJumper-built platform due to our security parameters and practices.
- There has been no indication of data loss and we are following our restoration procedures.
- No “ransom” was paid."
RYUK Ransomware Repeatedly Hits MSP Ecosystem
This is the latest in a growing list of malware attacks to hit an MSP or a CSP that serves the MSP ecosystem. For instance:
- RYUK ransomware hit Data Resolution, an MSP in California earlier this year.
- Cybercriminals used Ryuk ransomware to collect at least $640,000 in Bitcoin from global organizations over a two-week span in 2018, according to master MSSP Perch Security.