Source: Forbes
“A new ransomware campaign targeting Amazon Web Services users by a threat actor known as Codefinger has been confirmed in a Jan. 13 threat intelligence report from Halcyon threat research and intelligence team. The Codefinger attack leverages AWS’s server-side encryption with customer-provided keys, thankfully usually shortened to SSE-C, in order to encrypt data and then demand payment for the symmetric AES-256 keys that are required for it to be successfully decrypted. ‘This ransomware campaign is particularly dangerous because of SSE-C’s design,’ the Halcyon researchers warned, ‘by integrating directly with AWS’s secure encryption infrastructure and encrypting the data, recovery is impossible without the attacker’s key.'” (01/14/25)