New ransomware campaign exploiting Amazon Web Services (AWS)

🌐 A few details...

The group called "Codefinger" used compromised AWS account credentials to encrypt data with AES-256 encryption keys that only the attackers know. 

This approach renders the data unrecoverable without paying the ransom, as AWS only logs an HMAC of the encryption key, which is insufficient for forensic analysis or data recovery. 

The attackers add pressure by setting lifecycle policies to delete the encrypted files within seven days. 


⚡ How to protect?

AWS has emphasized the importance of robust identity, compliance, and access management practices to mitigate these risks, and has provided guidance to customers on securing their AWS environments.

Please refer to the Amazon AWS documentation for more information.
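
A defender-side check for the seven-day lifecycle behaviour described above, added here as an example and not part of the original post: it flags enabled S3 lifecycle rules that would delete objects within seven days. It goes slightly beyond the post by also covering date-based and noncurrent-version expiry. The input is assumed to be a dict shaped like the output of `aws s3api get-bucket-lifecycle-configuration`; the function name and the sample rules are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

WINDOW_DAYS = 7  # deletion window described in the post


def short_expiry_rules(lifecycle, now=None, window_days=WINDOW_DAYS):
    """Return (rule_id, reason) for enabled rules that delete within window_days."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for rule in lifecycle.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue  # disabled rules do not delete anything
        rule_id = rule.get("ID", "<no id>")
        exp = rule.get("Expiration", {})
        if "Days" in exp and exp["Days"] <= window_days:
            findings.append((rule_id, f"objects expire after {exp['Days']} day(s)"))
        if "Date" in exp:
            when = datetime.fromisoformat(exp["Date"].replace("Z", "+00:00"))
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            if when - now <= timedelta(days=window_days):
                findings.append((rule_id, f"objects expire on {exp['Date']}"))
        nce = rule.get("NoncurrentVersionExpiration", {})
        if nce.get("NoncurrentDays", window_days + 1) <= window_days:
            findings.append(
                (rule_id, f"old versions expire after {nce['NoncurrentDays']} day(s)"))
    return findings


# Constructed sample configuration (not taken from a real bucket).
SAMPLE = {
    "Rules": [
        {"ID": "archive-logs", "Status": "Enabled", "Filter": {"Prefix": "logs/"},
         "Expiration": {"Days": 365}},
        {"ID": "purge-all", "Status": "Enabled", "Filter": {},
         "Expiration": {"Days": 7},
         "NoncurrentVersionExpiration": {"NoncurrentDays": 1}},
        {"ID": "old-test", "Status": "Disabled", "Filter": {},
         "Expiration": {"Days": 1}},
        {"ID": "dated", "Status": "Enabled", "Filter": {},
         "Expiration": {"Date": "2025-01-20T00:00:00Z"}},
    ]
}

if __name__ == "__main__":
    fixed_now = datetime(2025, 1, 15, tzinfo=timezone.utc)  # constructed clock
    for rule_id, reason in short_expiry_rules(SAMPLE, now=fixed_now):
        print(f"[!] {rule_id}: {reason}")
```

A flagged rule is only a lead: short expirations are also common on scratch and log buckets, so compare each hit against who created the rule and when.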