HomeCrimeCodefinger Hackers Turn AWS Encryption Against Users—A New Ransomware Threat

Codefinger Hackers Turn AWS Encryption Against Users—A New Ransomware Threat


Cybercriminals are now using Amazon Web Services’ (AWS) own tools to lock users out of their data. Researchers from Halcyon discovered that hackers, dubbed “Codefinger,” are exploiting AWS’s server-side encryption with customer-provided keys (SSE-C) to encrypt customer data and demand ransoms.

Here’s how it works: hackers steal AWS credentials, access encryption keys, and use SSE-C to lock users out. Victims are given seven days to pay up, or their files are deleted. What’s worse? There’s no known way to recover the data without paying the ransom.

AWS is responding by notifying affected customers and investigating exposed keys. They’re also urging users to avoid storing credentials in source code or configuration files.

This attack highlights the growing sophistication of ransomware operators, who are now leveraging legitimate tools to carry out their schemes. To stay protected, enable multi-factor authentication, regularly audit permissions, and monitor S3 bucket access.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Membership Plan

Free Membership

$0 AUD /month

Basic Membership

$40 AUD /month

Premium Membership

$100 AUD /month

Elite Membership

$400 AUD /month

CATEGORIES

Most Popular

Recent Comments