Halcyon’s research and intelligence team reports new ransomware that is “impossible” to decrypt. The campaign targets Amazon Web Services customers.

Unlike common ransomware that encrypts files locally or in transit, the new attack leverages AWS encryption infrastructure (SSE-C) to lock data with AES-256 symmetric keys. This makes it impossible (or very difficult) to decrypt the content without the attacker’s key, the researchers explained.

The new campaign does not exploit any AWS vulnerabilities; however, victims’ accounts are accessed through weak or previously exposed credentials.

Image caption: The Codefinger ransomware attack leverages weak or previously compromised passwords to gain access to victims’ files. (Source: GettyImages)

“This is a good example of how reusing passwords, easy-to-access keywords, or lack of two-factor authentication will set the administrator back,” Darren James, senior product manager at Specops Software, told Forbes.

According to the researchers, the new ransomware attack is known as Codefinger. The first report from Halcyon researchers came on Monday (13).

“If spread rapidly, ransomware could pose a systemic threat to organizations using AWS S3 to store critical data,” the researchers said.

Codefinger attack flow

The attack flow described by Halcyon goes like this:

  1. Publicly or previously exposed AWS keys are identified;
  2. Files are encrypted using SSE-C with a locally generated and stored AES-256 encryption key;
  3. File deletion policies are typically defined for 7 days using S3 Object Lifecycle Management;
  4. A note is added to each affected directory stating that changes to permissions or files will cause negotiations to end.
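
A defender-side check for the flow above, added here as an example and not code from Halcyon or AWS: per bucket and access key, it correlates objects written with SSE-C with a lifecycle expiry of 7 days or less, and lists file names dropped unencrypted into several prefixes as possible notes. The record shape, every field name, and the sample events are constructed assumptions to be mapped from your own S3 audit logs.

```python
import posixpath
from collections import defaultdict

# Constructed, normalized S3 audit records (not raw CloudTrail JSON). Every
# field name here is an assumption; map it from your own log schema.
SAMPLE_EVENTS = [
    {"key_id": "KEY-A", "bucket": "finance", "action": "PutObject",
     "object": "q1/ledger.csv", "encryption": "SSE-C"},
    {"key_id": "KEY-A", "bucket": "finance", "action": "PutObject",
     "object": "q2/ledger.csv", "encryption": "SSE-C"},
    {"key_id": "KEY-A", "bucket": "finance", "action": "PutObject",
     "object": "q1/NOTE.txt", "encryption": "none"},
    {"key_id": "KEY-A", "bucket": "finance", "action": "PutObject",
     "object": "q2/NOTE.txt", "encryption": "none"},
    {"key_id": "KEY-A", "bucket": "finance", "action": "PutLifecycle",
     "expiration_days": 7},
    # Benign: SSE-C with long retention, and a short expiry without SSE-C.
    {"key_id": "KEY-B", "bucket": "archive", "action": "PutObject",
     "object": "2024/dump.tar", "encryption": "SSE-C"},
    {"key_id": "KEY-B", "bucket": "archive", "action": "PutLifecycle",
     "expiration_days": 365},
    {"key_id": "KEY-C", "bucket": "tmp", "action": "PutLifecycle",
     "expiration_days": 3},
]

def find_suspects(events, max_expiry_days=7):
    """Flag (bucket, key_id) pairs where one access key both wrote objects
    with SSE-C and set a lifecycle expiry within max_expiry_days."""
    sse_c = defaultdict(int)
    short_expiry = set()
    plain_names = defaultdict(lambda: defaultdict(set))
    for ev in events:
        who = (ev["bucket"], ev["key_id"])
        if ev["action"] == "PutLifecycle":
            days = ev.get("expiration_days")
            if days is not None and days <= max_expiry_days:
                short_expiry.add(who)
        elif ev["action"] == "PutObject":
            if ev.get("encryption") == "SSE-C":
                sse_c[who] += 1
            else:  # assumption: a note must stay readable, so no SSE-C
                prefix, name = posixpath.split(ev["object"])
                plain_names[who][name].add(prefix)
    return {who: {"sse_c_writes": n,
                  "repeated_names": sorted(
                      k for k, p in plain_names[who].items() if len(p) > 1)}
            for who, n in sse_c.items() if who in short_expiry}
```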

Amazon’s description

In contact with Forbes, an Amazon spokesperson notes that the company “helps consumers keep their cloud resources safe based on a shared responsibility model”; the company warns if access keys are compromised in any way.

In addition, the company also promises to investigate all reports of exposed keys and take necessary actions quickly. “We encourage all consumers to follow security, identification and compliance best practices.”

Source: Tec Mundo
