AWS encryption attack mitigation

We have a few websites now where files are being stored in the cloud using Amazon S3 storage.

So bringing to your attention a new ransomware attack which involves hackers getting access to your AWS credentials and using them to encrypt your files while also setting them to be deleted if a ransom is not paid (full story linked below).

In addition to ensuring your access keys are protected, you can also remove the encryption option from your AWS account for the bucket in question.

This is done by updating the S3 bucket policy with an additional clause:

{
  "Sid": "RestrictSSECObjectUploads",
  "Effect": "Deny",
  "Principal": "*",
  "Action": "s3:PutObject",
  "Resource": "arn:aws:s3:::example-bucket-name/*",
  "Condition": {
    "Null": {
      "s3:x-amz-server-side-encryption-customer-algorithm": "false"
    }
  }
}

The attack is described in more detail here and the mitigation here.

If you need assistance updating your S3 policy we are ready to help.

Related link

• Ransomware abuses Amazon AWS feature to encrypt S3 buckets »

Chirp office Easter closing dates »