See every side of every news story
Get Started
SubscribeLogin
Israel-Hamas Conflict
Artificial Intelligence
Donald Trump
Social Media
Republican Party
Gaming
Natural Disasters
Immigration
Housing
Nvidia
Music
Property
MLB
Published loading...Updated

Ransomeware Exploits AWS Encryption to Lock S3 Buckets

  • A new ransomware campaign named Codefinger targets Amazon S3 buckets by encrypting them with AWS's server-side encryption using customer-provided keys, demanding ransoms for decryption keys.
  • Halcyon discovered that Codefinger has encrypted at least two victims' S3 buckets using compromised AWS credentials to access encryption keys.
  • The attack sets a seven-day file deletion policy and warns victims against changing permissions, threatening to end negotiations if they do.
  • Amazon stated they notify customers of exposed keys and encourage strict security protocols to prevent unauthorized access.
Insights by Ground AI
Does this summary seem wrong?

14 Articles

Tech RadarTech Radar
Center

AWS S3 feature exploited by ransomware hackers to encrypt storage buckets

AWS server-side encryption is being abused in the next evolution of ransomware

·United Kingdom
Read Full Article
The RegisterThe Register
Center

Ransomware crew abuses AWS native encryption

'Codefinger' crims on the hunt for compromised keys

Read Full Article
BleepingComputerBleepingComputer
Reposted by
buaq.netbuaq.net
Center

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. [...]

Read Full Article
ForbesForbes
Reposted by
OODA LoopOODA Loop
Center

New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment

Threat researchers have identified a new “recovery impossible” ransomware campaign targeting Amazon Web Services. Here’s what you need to know.

·United States
Read Full Article
HackReadHackRead

New Codefinger Ransomware Exploits AWS to Encrypt S3 Buckets

Codefinger ransomware is targeting Amazon S3 buckets leveraging AWS's Server-Side Encryption with Customer-Provided Keys to encrypt data.

Read Full Article
technewstube.comtechnewstube.com

Ransomware Crew Abuses AWS Native Encryption, Sets Data-Destruct Timer for 7 Days

A new ransomware group called Codefinger targets AWS S3 buckets by exploiting compromised or publicly exposed AWS keys to encrypt victims' data using AWS's own SSE-C encryption, rendering it inaccessible without the attacker-generated AES-256 keys. While other security researchers have documented techniques for encrypting S3 buckets, "this is the first instance we know of leveraging AWS's native secure encryption infrastructure via SSE-C in the …

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

Forbes broke the news in United States on Monday, January 13, 2025.
Sources are mostly out of (0)

Similar News Topics

Amazon icon

Amazon

Hacking icon

Hacking

Technology icon

Technology

Cybercrimes icon

Cybercrimes

Cyber Security icon

Cyber Security

You have read 1 out of your 5 free daily articles.

Join millions of well-informed readers who use Ground to compare coverage, check their news blindspots, and challenge their worldview.

News
For You
SearchBlindspotLocal