AWS Ransom Drama: Codefinger Strikes with Stolen Keys and Encryption Hijinks

Codefinger, the cyber mischief-maker, is turning AWS keys into ransom demands by encrypting data in S3 buckets, leaving victims in a pickle. Instead of exploiting AWS vulnerabilities, they snatch credentials and use AWS’s own encryption tools to lock up data tighter than a jar of pickles.

Hot Take:

Well, it looks like hackers have finally found a way to make AWS users pay an unexpected subscription fee—except, this one doesn’t come with any new features, just a hefty dose of panic and an existential crisis about cloud security!

Key Points:

  • Threat actor “Codefinger” is encrypting data in AWS S3 buckets using stolen credentials.
  • The attack leverages AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C).
  • Victims are left with ransom notes demanding payment for decryption keys.
  • Files are marked for deletion within seven days to add pressure.
  • Organizations can mitigate risks by reviewing and restricting permissions for AWS keys.
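The pattern in the key points above, SSE-C writes followed by a short deletion window set by the same credential, can be hunted for in S3 audit logs. The following is an added example, not part of the original article: the CloudTrail-like record layout, the field and event names, and the access key IDs and bucket names are constructed assumptions.

```python
from collections import defaultdict

SSEC = "x-amz-server-side-encryption-customer-algorithm"  # assumed field name
WRITE_EVENTS = {"PutObject", "CopyObject"}
A, B, C = "AKIAEXAMPLE0000000A", "AKIAEXAMPLE0000000B", "AKIAEXAMPLE0000000C"

def ev(name, key_id, bucket, **params):
    """Build one constructed record in the assumed CloudTrail-like shape."""
    return {"eventName": name, "userIdentity": {"accessKeyId": key_id},
            "requestParameters": {"bucketName": bucket, **params}}

def lifecycle(days):
    return {"LifecycleConfiguration": {"Rule": {"Expiration": {"Days": days}}}}

# Constructed sample data, not real logs.
SAMPLE_EVENTS = [
    ev("PutObject", A, "finance-archive", key="q1.csv", **{SSEC: "AES256"}),
    ev("CopyObject", A, "finance-archive", key="q2.csv", **{SSEC: "AES256"}),
    ev("PutBucketLifecycle", A, "finance-archive", **lifecycle(7)),
    ev("PutObject", B, "app-logs", key="a.log"),  # ordinary write, no SSE-C
    ev("PutBucketLifecycle", B, "app-logs", **lifecycle(365)),
    ev("PutObject", C, "media", key="v.mp4", **{SSEC: "AES256"}),  # SSE-C only
]

def expiry_days(params):
    """Smallest Expiration.Days across the lifecycle rules, or None."""
    rules = params.get("LifecycleConfiguration", {}).get("Rule", [])
    if isinstance(rules, dict):  # a single rule may arrive as one object
        rules = [rules]
    days = [r["Expiration"]["Days"] for r in rules
            if "Days" in r.get("Expiration", {})]
    return min(days) if days else None

def correlate(events, max_days=7):
    """Flag (access key, bucket) pairs with SSE-C writes and a short expiry."""
    seen = defaultdict(lambda: {"ssec_objects": 0, "expiry_days": None})
    for event in events:
        params = event.get("requestParameters") or {}
        pair = (event.get("userIdentity", {}).get("accessKeyId"),
                params.get("bucketName"))
        if None in pair:
            continue
        if event.get("eventName") in WRITE_EVENTS and SSEC in params:
            seen[pair]["ssec_objects"] += 1
        elif event.get("eventName") == "PutBucketLifecycle":
            days = expiry_days(params)
            if days is not None and days <= max_days:
                seen[pair]["expiry_days"] = days
    return {pair: hit for pair, hit in seen.items()
            if hit["ssec_objects"] and hit["expiry_days"] is not None}
```

Requiring both signals from the same access key on the same bucket keeps routine SSE-C users and ordinary retention rules out of the results.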

The Nimble Nerd