Ransomware called “Codefinger” is exploiting AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt Amazon S3 buckets, demanding ransoms for decryption keys. Victims lose access to data since AWS doesn't store encryption keys. Attackers use compromised credentials to encrypt data and threaten deletion if victims alter files. Amazon advises customers to implement strict security measures, including disabling unnecessary SSE-C, rotating keys, and minimizing account permissions.
Ransomware Abuses Amazon AWS Feature to Encrypt S3 Buckets
