AWS S3 Buckets Under Siege: New Ransomware Exploits SSE-C
informationsecuritybuzz.com

Research from the Halcyon RISE Team has revealed that a ransomware actor dubbed “Codefinger” has launched a new campaign on Amazon S3 buckets, leveraging AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data and render victims powerless to recover data without paying the ransom.
New Technique a Systemic Threat
Halcyon says this tactic “represents a significant evolution in ransomware capabilities” and that its widespread use could “pose a systemic threat to organizations using Amazon S3 for critical data storage.”
Unlike traditional ransomware that encrypts files locally or in transit, this attack integrates directly with AWS’s secure encryption infrastructure, meaning recovery is impossible without the attacker’s symmetric AES-256 key. Moreover, as AWS CloudTrail logs only the encryption key’s hash-based message authentication code (HMAC), log evidence is limited, and recovery and forensic analysis are impossible.
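The CloudTrail evidence that does remain can still be triaged. The following is an added example, not from the article or from Halcyon: it flags S3 write events that used SSE-C in constructed CloudTrail records. It assumes S3 data events are being logged and that SSE-C appears as the `x-amz-server-side-encryption-customer-algorithm` request parameter or as `SSEApplied: SSE_C` in `additionalEventData`; the bucket, role ARN and records are constructed.

```python
from collections import Counter

# Assumed CloudTrail S3 data-event field names (not taken from the article).
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload", "UploadPart"}

def _ev(name, arn, key, params=None, sse=None):
    """Build one constructed record in the assumed CloudTrail shape."""
    rp = {"bucketName": "example-bucket", "key": key, **(params or {})}
    return {"eventSource": "s3.amazonaws.com", "eventName": name,
            "eventTime": "2025-01-01T00:00:00Z",
            "userIdentity": {"arn": arn},
            "requestParameters": rp,
            "additionalEventData": {"SSEApplied": sse} if sse else None}

ROLE = "arn:aws:iam::111122223333:role/example-app"  # constructed principal
SAMPLE_EVENTS = [  # constructed sample input, not real logs
    _ev("PutObject", ROLE, "a.db", {SSEC_HEADER: "AES256"}, "SSE_C"),
    _ev("CopyObject", ROLE, "b.db", None, "SSE_C"),
    _ev("PutObject", ROLE, "c.txt", None, "SSE_S3"),
    _ev("GetObject", ROLE, "a.db", {SSEC_HEADER: "AES256"}, "SSE_C"),
]

def uses_ssec(event):
    """True if either SSE-C indicator is present; null sub-objects are tolerated."""
    params = event.get("requestParameters") or {}
    extra = event.get("additionalEventData") or {}
    return SSEC_HEADER in params or extra.get("SSEApplied") == "SSE_C"

def ssec_writes(events):
    """Return S3 write events that supplied a customer-provided key."""
    hits = []
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue
        if ev.get("eventName") not in WRITE_EVENTS or not uses_ssec(ev):
            continue
        params = ev.get("requestParameters") or {}
        hits.append({"time": ev.get("eventTime"), "event": ev["eventName"],
                     "principal": (ev.get("userIdentity") or {}).get("arn"),
                     "bucket": params.get("bucketName"), "key": params.get("key")})
    return hits

def summarize(hits):
    """Count SSE-C writes per (principal, bucket) to surface bulk re-encryption."""
    return Counter((h["principal"], h["bucket"]) for h in hits)

if __name__ == "__main__":
    for pair, count in summarize(ssec_writes(SAMPLE_EVENTS)).items():
        print(count, *pair)
```

A principal that has never used SSE-C and suddenly writes many objects with it is the pattern worth alerting on; reads with SSE-C are ignored here because they do not change stored data.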
Understanding the Attacker’s Workflow
According to ...
Copyright of this story solely belongs to informationsecuritybuzz.com.