A new ransomware campaign targeted Amazon Web Services (AWS) users. The attack uses AWS’s server-side encryption with customer-provided keys (SSE-C) to lock data and demands payment for the decryption keys, making it impossible to recover data without paying the ransom.
In a report released on January 13, Malwarebytes experts announced that threat actors have exploited Amazon’s feature of using server-side encryption with customer-provided keys (SSE-C) to encrypt data, to target organizations that use AWS S3 for critical data. This tactic, which leverages Amazon’s SSE-C that allows customers to encrypt their data with their own keys, aims to steal customer credentials rather than exploit AWS vulnerabilities. Experts warn that this could be a significant evolution in ransomware.
Amazon Web Services (AWS) highlights its shared responsibility model for cloud security and has notified affected customers of exposed keys and takes actions like applying quarantine policies to reduce risks. They encourage customers to use strong passwords and enable 2FA. AWS also provides support for customers who suspect their credentials may be exposed. However, as of this moment, cybersecurity experts have recently deemed this attack “Recovery Impossible” without payment.
#CyTech #cybernews #cybersecurity #ciso #cisoworkplace #Amazon #AWS #ransomware
Leave a Reply