Techly NewsGet the app

Get the latest tech news

Ransomware Crew Abuses AWS Native Encryption, Sets Data-Destruct Timer for 7 Days


A new ransomware group called Codefinger targets AWS S3 buckets by exploiting compromised or publicly exposed AWS keys to encrypt victims' data using AWS's own SSE-C encryption, rendering it inaccessible without the attacker-generated AES-256 keys. While other security researchers have documented te...

"This is unique in that most ransomware operators and affiliate attackers do not engage in straight up data destruction as part of a double extortion scheme or to otherwise put pressure on the victim to pay the ransom demand," West said. "This can be achieved by leveraging the Condition element in IAM policies to prevent unauthorized applications of SSE-C on S3 buckets, ensuring that only approved data and users can utilize this feature," he explained. Plus, it's important to monitor and regularly audit AWS keys, as these make very attractive targets for all types of criminals looking to break into companies' cloud environments and steal data.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of Days

Days

Photo of destruct timer

destruct timer

Photo of native encryption

native encryption

Related news:

News photo

When a winter storm trapped a luxury passenger train near Donner Pass

News photo

Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

News photo

Meta terminates its DEI programs days before Trump inauguration

« Dynasty Warriors: Origins review - top-notch hack-and-slash stumbles off the battlefield
It's Doom ... running in a PDF file »