Cloud Ransomware Developments | The Risks of Customer-Managed Keys
Ransomware actors are increasingly abusing native cloud features to target critical data. A recent threat actor campaign, detailed in the Halcyon blog, was observed abusing Amazon Web Services (AWS) Server-Side Encryption with Customer-Provided Keys (SSE-C). By encrypting S3 objects with their own keys, the attackers render the data irretrievable. They rely on stolen credentials and on AWS's own features and services in an attempt to simplify their efforts, leaving them less infrastructure to manage.
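For defenders, the following Python code is an added example (not from the original article or the Halcyon blog) that flags S3 write events whose request carried a customer-provided key and groups them by principal and bucket. It assumes CloudTrail S3 data events are enabled and that the SSE-C request header appears in `requestParameters`; the function names, the threshold and the sample records are constructed for illustration.

```python
from collections import defaultdict

# Header present on S3 requests that supply a customer-provided key (SSE-C).
SSE_C_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload"}

def _ev(name, arn, bucket, key, sse_c=False):
    """Build a constructed, minimal CloudTrail S3 data-event record."""
    params = {"bucketName": bucket, "key": key}
    if sse_c:
        params[SSE_C_HEADER] = "AES256"
    return {"eventSource": "s3.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": params}

# Constructed sample records, not real logs.
SVC = "arn:aws:iam::111122223333:user/backup-svc"
APP = "arn:aws:iam::111122223333:user/app"
SAMPLE_EVENTS = [
    _ev("CopyObject", SVC, "example-bucket", "a.csv", sse_c=True),
    _ev("CopyObject", SVC, "example-bucket", "b.csv", sse_c=True),
    _ev("PutObject", SVC, "example-bucket", "c.csv", sse_c=True),
    _ev("PutObject", APP, "example-bucket", "logs/x.log"),
    _ev("PutObject", APP, "example-bucket", "one.bin", sse_c=True),
    _ev("GetObject", SVC, "example-bucket", "a.csv", sse_c=True),  # read, ignored
]

def is_sse_c_write(event):
    """True for an S3 write whose request carried a customer-provided key."""
    if event.get("eventSource") != "s3.amazonaws.com":
        return False
    if event.get("eventName") not in WRITE_EVENTS:
        return False
    return SSE_C_HEADER in (event.get("requestParameters") or {})

def summarize_sse_c_writes(events, threshold=2):
    """Group SSE-C writes by (principal, bucket); keep groups touching at
    least `threshold` distinct keys (threshold is a hypothetical tuning value)."""
    touched = defaultdict(set)
    for ev in events:
        if is_sse_c_write(ev):
            arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
            params = ev["requestParameters"]
            touched[(arn, params.get("bucketName"))].add(params.get("key"))
    return {k: sorted(v) for k, v in touched.items() if len(v) >= threshold}

if __name__ == "__main__":
    for (arn, bucket), keys in summarize_sse_c_writes(SAMPLE_EVENTS).items():
        print(f"{arn} wrote {len(keys)} SSE-C objects to {bucket}: {keys}")
```

Workloads that legitimately use SSE-C will also match, so baseline those principals before alerting on the output.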