Does your organizations use Amazon S3 for data storage?
Beyond the recent news posted about ransomware threats for organizations using Amazon’s AWS - there is a larger threat. You may have already heard about Codefinger - on how it targets a user’s server side encryption, where it infiltrates the user’s profile. The hackers re-encrypt the data so the user is not unable to retrieve their data storage.
Server side encryption allows users to encrypt their objects and images before sending them to Amazon’s Single Storage Service (S3). This enables users to retrieve and store their data online with easy access - by giving users custom keys to encrypt that data.
But, when the ransomware overtakes the data, the hackers develop their own key that directly attacks an AWS SSE-C account (not AWS’s entire infrastructure). As always, weak passwords and lack of two-factor authentication of course, opens the door for unwarranted attacks. In our earlier “Sitting Ducks” blog - we mentioned any floating accounts with valuable data are a big opportunity for hackers to exploit.
This time, you can’t even restore your data: a new advantage to hackers’ ransomware attacks centers around an undeveloped method to restore control to the original users’ data keys; users then fall victim to extortion. Ransoms set a maximum of seven days to scare users into paying their fees faster. Any attempts from the user to restore, deactivate, or edit their account settings or passwords may result in threats to delete data.
Javvad Malik, a security awareness advocate, insists that the government should act alongside organizations to “minimize the disruption from ransomware.” Additional network security firms advise organizations to keep their files enclosed and private. Meanwhile, AWS have said they notify customers when one of their keys has been accessed without their consent - encouraging customers to follow maximum protection procedures to avoid ransom attacks happening to their accounts.
SpaceBound strongly encourages organizations to have a point person to ensure their employees keep their accounts secure by using strict passwords with two-factor authentication. And, if you have any inactive keys, remove them - plus, you need to continually monitor your active keys for AWS. Be sure to report any suspicious activity that isn’t yours as soon as possible and know how to detect phishing attempts.
With our IT Solutions Team, your organization will have an IT group that looks out for you, ensuring your organization is updated about the latest cyber threats. And, with data worth more than gold - we also provide data backup management and disaster recovery services too.
Sources:
Halcyon on Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C
