A new ransomware campaign targeting Amazon Web Services users by a threat actor known as Codefinger has been confirmed in a Jan. 13 threat intelligence report from Halcyon.
The Codefinger attack leverages AWS's server-side encryption with customer-provided keys, usually shortened to SSE-C, in order to encrypt data and then demand payment for the symmetric AES-256 keys that are required for it to be successfully decrypted.
This ransomware campaign is particularly dangerous because of SSE-C's design, by integrating directly with AWS's secure encryption infrastructure and encrypting the data, recovery is impossible without the attacker's key.
Collection
[
|
...
]