White Paper
Attack Overview
A new ransomware campaign has surfaced, leveraging Amazon Web Services’ (AWS) Server-Side Encryption with Customer-Provided Keys (SSE-C) to encrypt data in Amazon S3 buckets.
The attack, launched by a group known as “Codefinger,” exploits legitimate cloud-native features rather than vulnerabilities in AWS itself.
The attackers use compromised AWS account credentials with permissions to read and write S3 objects. By employing AWS’s SSE-C feature, they encrypt data stored in targeted S3 buckets with AES-256 encryption keys that only they possess.
This innovative approach renders the data irrecoverable without paying the ransom.
Unlike traditional ransomware, which encrypts files locally or in transit, this attack integrates seamlessly with AWS’s built-in encryption infrastructure.
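A defender-side check that follows from the mechanism described above, as an added example that is not part of the original white paper: it audits an S3 bucket policy for a Deny statement that rejects uploads carrying the SSE-C header. The sample policies, the bucket name, and the account and role identifiers are constructed placeholders, and the statement's Resource is assumed to cover the bucket's objects.

```python
import fnmatch

# S3 policy condition key for the x-amz-server-side-encryption-customer-algorithm header.
SSE_C_KEY = "s3:x-amz-server-side-encryption-customer-algorithm"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _blocks_sse_c(stmt):
    """True if this statement denies every principal any PutObject that carries an SSE-C header."""
    principal = stmt.get("Principal")
    everyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
    if stmt.get("Effect") != "Deny" or not everyone:
        return False
    # IAM action names are case-insensitive and may use wildcards (s3:*, s3:Put*).
    actions = [str(a).lower() for a in _as_list(stmt.get("Action", []))]
    if not any(fnmatch.fnmatchcase("s3:putobject", a) for a in actions):
        return False
    cond = stmt.get("Condition", {})
    # Extra operators or keys are ANDed together and would narrow the deny: require exactly one.
    if list(cond) != ["Null"] or len(cond["Null"]) != 1:
        return False
    key, value = next(iter(cond["Null"].items()))
    # Null = "false" means "the key is present", i.e. the request asked for SSE-C.
    return key.lower() == SSE_C_KEY and [str(v).lower() for v in _as_list(value)] == ["false"]

def denies_sse_c(policy):
    """Audit one bucket policy document (dict). Resource scoping is assumed to cover the bucket."""
    return any(_blocks_sse_c(s) for s in _as_list(policy.get("Statement", [])))

# Constructed sample policies; "example-bucket" is a placeholder name.
SSE_C_DENY = {"Sid": "DenySSEC", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
              "Resource": "arn:aws:s3:::example-bucket/*",
              "Condition": {"Null": {SSE_C_KEY: "false"}}}
TLS_ONLY = {"Sid": "DenyPlainHTTP", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
# Same deny, but limited to one role: every other credential can still upload with SSE-C.
NARROWED = dict(SSE_C_DENY, Condition={"Null": {SSE_C_KEY: "false"},
                "ArnEquals": {"aws:PrincipalArn": "arn:aws:iam::111122223333:role/example"}})

HARDENED = {"Version": "2012-10-17", "Statement": [TLS_ONLY, SSE_C_DENY]}
UNPROTECTED = {"Version": "2012-10-17", "Statement": TLS_ONLY}
PARTIAL = {"Version": "2012-10-17", "Statement": [NARROWED]}

if __name__ == "__main__":
    for name, doc in [("HARDENED", HARDENED), ("UNPROTECTED", UNPROTECTED), ("PARTIAL", PARTIAL)]:
        print(name, "blocks SSE-C uploads:", denies_sse_c(doc))
```

The check is deliberately conservative: a deny that is scoped by any additional condition is reported as not blocking SSE-C, because requests outside that scope would still be accepted.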
Download the full whitepaper to learn how CYCL can help you secure your cloud environment with confidence.