Summary: Cybercriminals are increasingly targeting Amazon Web Services’ S3 buckets, using the platform’s own encryption tools to lock organizations out of their data and demand ransom payments. This new tactic represents a significant evolution in ransomware capabilities, as it leverages server-side encryption with customer-provided keys to make data recovery nearly impossible without cooperation from the attackers.
Threat Actor: Codefinger
Victim: AWS native software developers
Key Points:
- Hackers encrypt data using AWS’s server-side encryption with customer-provided keys (SSE-C).
- Victims are pressured to pay ransoms with threats of file deletion within seven days.
- This method represents a novel and secure approach to ransomware, making recovery without cooperation impossible.
- Halcyon warns that these tactics may soon be adopted by other threat actors.
- Organizations must take immediate action to secure their AWS accounts to prevent such attacks.
Source: https://therecord.media/hackers-encrypting-amazon-cloud-buckets
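
A defender's view of the SSE-C tactic summarized above, as an added example that is not from the source article or from Halcyon: the sketch scans CloudTrail S3 data events for object writes that carry the SSE-C request header and groups them by principal and bucket. It assumes data-event logging is enabled and that the header appears under `requestParameters`; the principals, buckets and events are constructed sample data.

```python
from collections import defaultdict

# Request header that marks an SSE-C write; assumed to appear under
# requestParameters in CloudTrail S3 data events.
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload"}

def _ev(name, arn, bucket, key, ssec=False, error=None):
    """Build one constructed CloudTrail-style record (not a real log line)."""
    params = {"bucketName": bucket, "key": key}
    if ssec:
        params[SSEC_HEADER] = "AES256"
    ev = {"eventSource": "s3.amazonaws.com", "eventName": name,
          "userIdentity": {"arn": arn}, "requestParameters": params}
    if error:
        ev["errorCode"] = error
    return ev

CI = "arn:aws:iam::111122223333:user/ci-deploy"      # constructed principal
APP = "arn:aws:iam::111122223333:role/app-backend"   # constructed principal
SAMPLE_EVENTS = [
    _ev("PutObject", APP, "example-app-data", "reports/q1.csv"),
    _ev("PutObject", CI, "example-app-data", "reports/q1.csv", ssec=True),
    _ev("CopyObject", CI, "example-app-data", "reports/q2.csv", ssec=True),
    _ev("PutObject", CI, "example-backups", "db.dump", ssec=True,
        error="AccessDenied"),
    _ev("GetObject", CI, "example-app-data", "reports/q1.csv", ssec=True),
]

def find_ssec_writes(events):
    """Group SSE-C object writes by (principal ARN, bucket)."""
    hits = defaultdict(lambda: {"written": [], "denied": 0})
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue
        if ev.get("eventName") not in WRITE_EVENTS:
            continue  # reads with SSE-C headers do not change stored data
        params = ev.get("requestParameters") or {}
        if SSEC_HEADER not in {k.lower() for k in params}:
            continue
        who = (ev.get("userIdentity") or {}).get("arn", "unknown")
        entry = hits[(who, params.get("bucketName"))]
        if ev.get("errorCode"):
            entry["denied"] += 1      # blocked attempt, still worth an alert
        else:
            entry["written"].append(params.get("key"))
    return dict(hits)

if __name__ == "__main__":
    for (who, bucket), e in find_ssec_writes(SAMPLE_EVENTS).items():
        print(who, bucket, "written:", e["written"], "denied:", e["denied"])
```

In an account where no workload is expected to use SSE-C, any entry in the result is worth investigating, including the denied attempts.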