A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used. They do not exfiltrate the data beforehand, but mark the encrypted files for deletion within seven days, thus adding more pressure on organizations to pay the ransom. How does the attack unfold? The threat actor leverages targets’ previous compromised (whether … More
The post Attackers are encrypting AWS S3 data without using ransomware appeared first on Help Net Security.
