Ransomware Strikes Again: Codefinger Holds Amazon S3 Buckets Hostage!
Ransomware group Codefinger has found a new way to encrypt Amazon S3 buckets using AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C). These keys are known only to the attackers, making data recovery impossible without paying the ransom. Talk about being “bucket-listed” in the worst way possible!

Hot Take:
Looks like cloud storage just got a little stormy! Meet Codefinger, the villain of the week who’s making Amazon S3 buckets sweat with their SSE-C encryption shenanigans. This ransomware campaign is like a bad reality show where the only prize is your own data, and the only way to win is to cough up Bitcoin for a decryption key. In the world of cloud storage, it’s always sunny until someone decides to rain on your parade with a custom AES-256 key!

Key Points:
- Codefinger is encrypting Amazon S3 buckets using SSE-C encryption keys only they possess.
- Victims are left helpless without the decryption key, as AWS doesn’t store these keys.
- The attack includes a seven-day file deletion policy and ransom demands in Bitcoin.
- Amazon and Halcyon suggest stringent security measures to prevent such attacks.
- Frequent key rotation and minimal account permissions are recommended for AWS users.
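
The article does not name specific measures, so the following is an added example (not from the article, Amazon, or Halcyon) of one defensive check: an offline audit that reports whether a bucket policy denies uploads carrying SSE-C headers and whether any lifecycle rule expires objects within seven days. It assumes the standard AWS bucket policy and lifecycle configuration JSON shapes and the S3 condition key `s3:x-amz-server-side-encryption-customer-algorithm`; the function names, bucket name and rule IDs are constructed.

```python
# Added example: offline audit of the two bucket settings this campaign relies on.
SSEC_KEY = "s3:x-amz-server-side-encryption-customer-algorithm"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def denies_ssec_uploads(policy):
    """True if a Deny statement for all principals blocks PutObject with SSE-C headers."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny" or st.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if not actions & {"s3:putobject", "s3:*", "*"}:
            continue
        # "Null": {key: "false"} matches requests in which the SSE-C header is present.
        null_cond = st.get("Condition", {}).get("Null", {})
        if any(k.lower() == SSEC_KEY and str(v).lower() == "false"
               for k, v in null_cond.items()):
            return True
    return False

def short_expiration_rules(lifecycle, max_days=7):
    """IDs of enabled lifecycle rules that expire objects within max_days days."""
    return [r.get("ID", "<no-id>") for r in lifecycle.get("Rules", [])
            if r.get("Status") == "Enabled"
            and r.get("Expiration", {}).get("Days") is not None
            and r["Expiration"]["Days"] <= max_days]

# Constructed sample documents (bucket name and rule IDs are made up).
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

HARDENED_POLICY = {"Version": "2012-10-17", "Statement": WEAK_POLICY["Statement"] + [{
    "Sid": "DenySSECUploads", "Effect": "Deny", "Principal": "*",
    "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"Null": {SSEC_KEY: "false"}}}]}

LIFECYCLE = {"Rules": [
    {"ID": "archive-logs", "Status": "Enabled", "Expiration": {"Days": 365}},
    {"ID": "unexpected-purge", "Status": "Enabled", "Expiration": {"Days": 7}},
    {"ID": "old-test", "Status": "Disabled", "Expiration": {"Days": 1}}]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "policy denies SSE-C uploads:", denies_ssec_uploads(pol))
    print("rules expiring objects within 7 days:", short_expiration_rules(LIFECYCLE))
```

The policy check is deliberately conservative: it only credits Deny statements that apply to every principal and does not evaluate `Resource` scope or `NotPrincipal` exceptions.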