Security News > 2025 > January > Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days
2025-01-13 14:00
'Codefinger' crims on the hunt for compromised keys A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant's own server-side encryption with customer provided keys (SSE-C) to lock up victims' data before demanding a ransom payment for the symmetric AES-256 keys required to decrypt it.…
News URL
Related news
- Ransomware abuses Amazon AWS feature to encrypt S3 buckets (source)
- Attackers are encrypting AWS S3 data without using ransomware (source)
- Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)