Excerpt from Forbes Article, Published on Jan 14, 2025.
A new ransomware campaign, dubbed Codefinger, has been confirmed to target Amazon Web Services (AWS) users, posing a serious threat to organizations relying on cloud-based data storage. Detailed in a January 13 report by Halcyon’s threat intelligence team, the attack exploits AWS’s server-side encryption with customer-provided keys (SSE-C), encrypting data and demanding payment for the AES-256 keys required for decryption. The Codefinger ransomware attack is alarming due to its unique integration with Amazon’s secure encryption infrastructure. Unlike traditional ransomware, which encrypts files locally or in transit, this attack directly leverages AWS’s built-in encryption mechanisms. According to Halcyon researchers, recovery is “impossible without the attacker’s key,” making the situation critical for affected businesses.
The attack flow begins with identifying vulnerable AWS keys, often through compromised credentials. Once accessed, the attacker encrypts files using SSE-C and applies lifecycle policies for file deletion within seven days. A ransom note warns victims against altering account permissions or files, emphasizing the urgency of payment. Notably, the attack doesn’t exploit any vulnerabilities in Amazon’s systems. Instead, it relies on compromised account credentials, highlighting the importance of robust security practices. Darren James, senior product manager at Specops Software, stressed the role of strong passwords and phishing-resistant two-factor authentication (2FA) in mitigating such threats.
Amazon has responded by reaffirming its shared responsibility model for cloud security. An AWS spokesperson emphasized the company’s proactive measures, including notifying customers of exposed keys and investigating reports. “We encourage all customers to follow security, identity, and compliance best practices,” the spokesperson said, urging users to contact AWS Support if they suspect credential exposure. As ransomware attacks like Codefinger grow increasingly sophisticated, experts urge organizations to prioritize preventative measures, including robust authentication protocols and regular audits of cloud security practices, to safeguard critical data stored on Amazon Web Services.
To delve deeper into this topic, please read the full article Forbes.
