New Codefinger Ransomware Exploits AWS to Encrypt S3 Buckets

A new ransomware campaign, attributed to “Codefinger,” targets Amazon S3 buckets by exploiting Server-Side Encryption with Customer-Provided Keys (SSE-C). The attackers encrypt data using unique AES-256 keys, making data recovery impossible without paying the ransom. Organizations should adopt multi-layered security approaches, including strong access controls and proactive monitoring, to mitigate cloud attack risks.