Davey Winder reports:
Ransomware is a cybersecurity threat that just won’t go away. Be it from groups such as those behind the ongoing Play attacks, or kingpins such as LockBit returning from the dead the consequences of falling victim to an attack are laid bare in reports exposing the reach of ransomware across 2024. A new ransomware threat, known as Codefinger, targeting users of Amazon Web Services S3 buckets, has now been confirmed. Here’s what you need to know.
A new ransomware campaign targeting Amazon Web Services users by a threat actor known as Codefinger has been confirmed in a Jan. 13 threat intelligence report from Halcyon threat research and intelligence team. The Codefinger attack leverages AWS’s server-side encryption with customer-provided keys, thankfully usually shortened to SSE-C, in order to encrypt data and then demand payment for the symmetric AES-256 keys that are required for it to be successfully decrypted. “This ransomware campaign is particularly dangerous because of SSE-C’s design,” the Halcyon researchers warned, “by integrating directly with AWS’s secure encryption infrastructure and encrypting the data, recovery is impossible without the attacker’s key.”
Read more at Forbes.