New “Codefinger” Ransomware Abuses Amazon AWS to Encrypt S3 Buckets

Researchers have identified a new ransomware threat actor, dubbed “Codefinger”, targeting Amazon S3 buckets. The actor leverages AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C) to encrypt data, then demands a ransom payment for the symmetric AES-256 keys required to decrypt it. This attack doesn’t require the exploitation of any AWS vulnerability; instead it relies on the threat actor first obtaining an AWS customer’s account credentials. With no known method to recover the data without paying the ransom, this tactic represents a significant evolution in ransomware capabilities.

You can read more at the link below:

https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c
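As an added example, not from the article or from Halcyon's write-up: a small Python detector that scans CloudTrail S3 data events for object writes using SSE-C, the step that lets whoever holds the stolen credentials encrypt data with a key AWS never retains. The sample records are constructed, and the CloudTrail field names (`requestParameters`, `additionalEventData.SSEApplied`) are assumed from AWS's S3 data-event format.

```python
"""Flag S3 object writes that used SSE-C in CloudTrail S3 data events."""

# Request header that selects SSE-C. A write carrying it was encrypted with a
# caller-supplied key AWS does not retain; with stolen credentials, only the
# attacker holds that key.
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload", "UploadPart"}

def uses_ssec(event: dict) -> bool:
    """True if the record is an S3 write that used SSE-C. The field names
    (requestParameters, additionalEventData.SSEApplied) are assumed from
    CloudTrail's S3 data-event format; reads are ignored on purpose."""
    if event.get("eventSource") != "s3.amazonaws.com":
        return False
    if event.get("eventName") not in WRITE_EVENTS:
        return False
    params = event.get("requestParameters") or {}
    extra = event.get("additionalEventData") or {}
    return extra.get("SSEApplied") == "SSE_C" or SSEC_HEADER in params

def find_ssec_writes(records: list[dict]) -> list[dict]:
    """Summarise each SSE-C write: when, which principal, which object, from where."""
    hits = []
    for ev in records:
        if not uses_ssec(ev):
            continue
        params = ev.get("requestParameters") or {}
        hits.append({"time": ev.get("eventTime"),
                     "principal": (ev.get("userIdentity") or {}).get("arn"),
                     "bucket": params.get("bucketName"), "key": params.get("key"),
                     "source_ip": ev.get("sourceIPAddress")})
    return hits

# Constructed sample records, not real telemetry: a routine SSE-S3 upload, then
# the same principal overwriting the same key with SSE-C from a new address.
SAMPLE_RECORDS = [
    {"eventTime": "2025-01-10T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/app-deploy"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q4.csv",
                           "x-amz-server-side-encryption": "AES256"},
     "additionalEventData": {"SSEApplied": "SSE_S3"}},
    {"eventTime": "2025-01-10T09:01:30Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/app-deploy"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q4.csv",
                           SSEC_HEADER: "AES256"},
     "additionalEventData": {"SSEApplied": "SSE_C"}},
]
```

Legitimate workloads that use SSE-C will match too, so the principals and source addresses it reports are what to baseline. Where SSE-C is not needed at all, an IAM or bucket policy condition on the `s3:x-amz-server-side-encryption-customer-algorithm` key can deny it outright, turning this detection into prevention.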

Darren James, a Senior Product Manager at Specops Software, commented:

“This is a great example of where password reuse or sticking with easy-to-guess passwords, along with no two-factor authentication, will come back to bite admins.

Admins are human just like the rest of us, and we all hate passwords and have too many to remember, so they, just like us, fall into bad habits, such as using default passwords or an easily guessable password, or reusing the same password across multiple systems. We’ve seen this on a number of occasions when we run our Specops Password Auditor tool and in our own analysis of stolen credentials.

It’s vitally important for admins especially to make sure that they use different passwords for all systems they use and enable strong, phishing-resistant 2FA wherever possible.

If they had used these simple steps, this latest ransomware attack could have been avoided.

On the upside, at least SSE-C is a strong encryption method, but it is not good to see it used against the good guys rather than for them.”

This illustrates that doing the simple stuff will help you to not get pwned by threat actors. Thus this should serve as a wake-up call to do just that ASAP.
