
Introduction
Do you use Amazon Cloud Storage?
Amazon S3?
If these names sound familiar, then you know about Amazon Web Services. What you might not know is that their cloud services are being infected with a new, advanced type of ransomware that spells trouble for remote databases everywhere.
What Is AWS?
For those who aren’t as familiar, let’s look behind the scenes of Amazon Web Services for a moment.
AWS is like a giant toolbox in the cloud. Businesses and developers subscribe to get access to tools and services that build and run applications, store data, and manage their IT infrastructure. Instead of buying and maintaining physical servers, companies can use AWS to rent computing power, storage, and other resources over the internet.
The service also allows customers to create their own cryptographic key, or cryptokey. These codes store the person’s account credentials in scrambled tokens that they can only unlock (A.K.A. “decrypt”) with that cryptokey or code.
In the new ransomware scheme called Codefinger, hackers target users of AWS cloud storage.
How the Exploit Works
Attackers are essentially overriding the feature that allows users to encrypt their data with their own cryptokeys. The attack doesn’t exploit any vulnerability in AWS itself. Instead, it relies on obtaining the victim’s AWS credentials through phishing or other means. Never give your private information to ANYONE, much less someone over the internet.
In simple terms, it’s like someone sneaking into your storage unit, putting a new lock on it, and then demanding money to give you the key. Worse, they tricked you into giving them the key to the combination lock in the first place!
Ransomware affected 59% of organizations last year. Ransomware actors grow more savvy every day.
Diving Deeper Into Ransomware
Now let’s dive into what actually happens in a Codefinger attack.
- Access: Hackers get hold of someone’s AWS account credentials (like a username and password).
- Encryption: A feature called Server-Side Encryption with Customer-Provided Keys (SSE-C) lets users encrypt their data in storage (S3 buckets) with their own individual key codes.
- Locking Data: The hackers encrypt the files using a new SSE-C key, meaning only they can unlock the data.
- Ransom: With the data locked, the victim can’t access it unless they pay the hackers for the decryption key.
Once a threat actor encrypts your data, you cannot recover it without the attacker’s decryption code. That’s likely a password of some sort. The ransomware threat includes warnings not to try to change any data permissions or modify files, because this will automatically erase all the stolen data.
All of this makes the attack particularly dangerous and effective. People don’t want to put their data at risk of deletion. They might not have any file backups to rely on.
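The "Locking Data" step above leaves a trace defenders can look for: object writes that carry a customer-provided key. The sketch below is an added example, not code from the original post or from AWS. It assumes CloudTrail data events are enabled for the bucket and that SSE-C shows up as the request header or as an SSEApplied value of "SSE_C"; the principal names, bucket, keys and the allow-list are hypothetical.

```python
import json
from collections import defaultdict

# Assumed field layout for CloudTrail S3 data events: the SSE-C request header
# appears under requestParameters, or additionalEventData.SSEApplied is "SSE_C".
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject"}
ARN = "arn:aws:iam::111122223333:"  # documentation-style account id

def _event(name, principal, key, ssec=False, params=True):
    """Build one constructed CloudTrail-style record for the sample log."""
    req = {"bucketName": "example-reports", "key": key} if params else None
    if ssec and req is not None:
        req[SSEC_HEADER] = "AES256"
    return {"eventName": name, "userIdentity": {"arn": ARN + principal},
            "requestParameters": req}

# Constructed sample input, not real log data.
SAMPLE_LOG = json.dumps({"Records": [
    _event("PutObject", "user/example-ci", "q1.csv", ssec=True),
    _event("CopyObject", "user/example-ci", "q2.csv", ssec=True),
    _event("PutObject", "role/example-app", "app.log"),       # no SSE-C
    _event("GetObject", "user/example-ci", "q1.csv", ssec=True),  # a read
    _event("PutObject", "role/example-backup", "db.bak", ssec=True),
    _event("PutObject", "user/example-ci", "denied.csv", params=False),
]})

def uses_ssec(record):
    """True when a write event carried a customer-provided encryption key."""
    if record.get("eventName") not in WRITE_EVENTS:
        return False
    params = record.get("requestParameters") or {}  # null on some failed calls
    extra = record.get("additionalEventData") or {}
    has_header = any(k.lower() == SSEC_HEADER for k in params)
    return has_header or extra.get("SSEApplied") == "SSE_C"

def find_ssec_writes(log_text, allowed=frozenset()):
    """Map (principal ARN, bucket) -> object keys written with SSE-C."""
    hits = defaultdict(list)
    for rec in json.loads(log_text).get("Records", []):
        arn = (rec.get("userIdentity") or {}).get("arn", "unknown")
        if uses_ssec(rec) and arn not in allowed:  # skip known SSE-C users
            params = rec.get("requestParameters") or {}
            hits[(arn, params.get("bucketName"))].append(params.get("key"))
    return dict(hits)

if __name__ == "__main__":
    known = {ARN + "role/example-backup"}  # hypothetical legitimate SSE-C user
    for (arn, bucket), keys in find_ssec_writes(SAMPLE_LOG, known).items():
        print(f"{arn} wrote {len(keys)} SSE-C object(s) to {bucket}: {keys}")
```

Any principal reported here that is not expected to supply its own keys is worth investigating as a possible credential compromise.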
Protecting Your Accounts From Ransomware
The best protection against ransomware is a strong, proactive defense. First and foremost, back up your systems. Yes, even your cloud storage needs a secondary, remote backup system to rely on. In situations such as these, you want secondary file storage ready to swoop in if your primary backup system fails for any reason.
Think of it like this: Are the files saved to your computer saved to Google Drive (or Microsoft OneDrive, etc.) too? That means you can access them even if a hacker targets one of those databases.
So what makes proactive defense so important in navigating ransomware attacks…and any other cyber threat that comes your way?
First and foremost, you should never pay the ransom, under any circumstances.
By having up-to-date storage files that you check regularly for effectiveness, you can completely circumvent the issue of decrypting ransomware.
Conclusion
If you are infected by ransomware, it’s important to act quickly. Remember that 90% of ransomware victims who pay never get all of their files back.
Remember to also keep your systems up to date so that they are equipped with the latest defenses against zero-day vulnerabilities that could open them to further malware.
Whether you’re a consumer of Amazon Web Services or any other cloud provider, advances in cyberattack methods affect all of us. Digital incidents like these also signal trends in the cyber-threat landscape that will herald the future of data threats AND data security.