Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data
October 16, 2024 at 07:39AM The analyzed Golang ransomware exploits Amazon S3 Transfer Acceleration to exfiltrate files to attacker-controlled buckets, utilizing hard-coded AWS credentials. It mimics LockBit ransomware to manipulate victims. AWS confirmed these actions violated its policies and suspended the implicated account. Monitoring AWS credentials can serve as potential Indicators of Compromise (IOCs). ### … Read more