Api.snapcraft.io IP reported as IOC

Hello, I recently found that one of api.snapcraft.io’s IPs (185.125.188.58) was reported as an IOC and as being associated with Venus ransomware in an HHS report. Any thoughts on this?

https://www.hhs.gov/sites/default/files/venus-ransomware-analyst-note.pdf

Hi, thanks for flagging this. We’ve received reports of this via multiple channels; this has been escalated and is being investigated.

  • Daniel

Hi @roadmr,

For further reference, the document cites these further Canonical-owned IP addresses as associated with the ransomware:

  • 185.125.190.44
  • 185.125.190.45

We’ve been in contact with HHS, and determined that it was a false positive. They’ve updated https://www.hhs.gov/sites/default/files/venus-ransomware-analyst-note.pdf to no longer include Canonical’s IP addresses.

We’re still working with VirusTotal to get the false positives removed from their pages.
