Security News > 2025 > January > Attackers are encrypting AWS S3 data without using ransomware
2025-01-13 16:59
A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used. They do not exfiltrate the data beforehand, but mark the encrypted files for deletion within seven days, thus adding more pressure on organizations to pay the ransom. How does the attack unfold? The threat actor leverages targets’ previous compromised (whether … More → The post Attackers are encrypting AWS S3 data without using ransomware appeared first on Help Net Security.
News URL
Related news
- Ransomware abuses Amazon AWS feature to encrypt S3 buckets (source)
- Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked (source)
- Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)