Codefinger is the first known ransomware group exploiting AWS’s SSE-C encryption, locking victims' data in S3 buckets and demanding ransom for decryption keys.
Halcyon’s Tim West noted that Codefinger utilizes compromised AWS keys to conduct its attacks, creating a systemic risk for organizations using AWS S3 storage.
After compromising AWS keys, Codefinger employs a locally stored AES-256 key for encryption, rendering victims unable to access their data without paying the ransom.
Codefinger's tactics involve deleting compromised data within seven days, which contrasts with typical ransomware operations that may threaten to leak information.
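For defenders, the technique described above leaves a trace wherever S3 data events are logged: writes that supply a customer-provided key. The following is an added example, not code from Halcyon or AWS, that flags such writes in CloudTrail-style records; the field names (`requestParameters`, `additionalEventData.SSEApplied`) are assumptions about the shape of S3 data events, and every sample record and identifier is constructed.

```python
from collections import Counter

SSE_C_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload"}

def _ev(name, key_id, bucket, params=None, extra=None, error=None):
    """Build one constructed record shaped like a CloudTrail S3 data event."""
    ev = {"eventSource": "s3.amazonaws.com", "eventName": name,
          "userIdentity": {"accessKeyId": key_id},
          "requestParameters": dict({"bucketName": bucket}, **(params or {})),
          "additionalEventData": extra}
    if error:
        ev["errorCode"] = error
    return ev

# Constructed sample input: key IDs and bucket names are made up.
SAMPLE_EVENTS = [
    _ev("PutObject", "AKIAEXAMPLEKEY000001", "example-finance",
        {SSE_C_HEADER: "AES256"}, {"SSEApplied": "SSE_C"}),
    _ev("PutObject", "AKIAEXAMPLEKEY000001", "example-finance",
        {SSE_C_HEADER: "AES256"}),
    _ev("PutObject", "AKIAEXAMPLEKEY000002", "example-finance",
        extra={"SSEApplied": "SSE_KMS"}),             # normal KMS write
    _ev("GetObject", "AKIAEXAMPLEKEY000001", "example-finance",
        {SSE_C_HEADER: "AES256"}),                    # read, not a write
    _ev("PutObject", "AKIAEXAMPLEKEY000003", "example-hr",
        {SSE_C_HEADER: "AES256"}, error="AccessDenied"),  # blocked by policy
]

def is_sse_c_write(event):
    """True when a successful S3 write used a customer-provided key (SSE-C)."""
    if event.get("eventSource") != "s3.amazonaws.com":
        return False
    if event.get("eventName") not in WRITE_EVENTS or event.get("errorCode"):
        return False
    params = event.get("requestParameters") or {}   # may be null in real logs
    extra = event.get("additionalEventData") or {}
    return SSE_C_HEADER in params or extra.get("SSEApplied") == "SSE_C"

def summarize_sse_c_writes(events):
    """Count SSE-C writes per (access key ID, bucket) for triage."""
    hits = Counter()
    for ev in events:
        if is_sse_c_write(ev):
            key_id = (ev.get("userIdentity") or {}).get("accessKeyId", "unknown")
            bucket = (ev.get("requestParameters") or {}).get("bucketName", "unknown")
            hits[(key_id, bucket)] += 1
    return hits

if __name__ == "__main__":
    for (key_id, bucket), n in summarize_sse_c_writes(SAMPLE_EVENTS).items():
        print(f"{n} SSE-C write(s) to {bucket} by access key {key_id}")
```

In an environment that never uses SSE-C, any hit is worth reviewing, and the access key ID in the result is the credential to rotate first.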