Cloud Security Alliance

AWS Ends SSE-C Encryption, and a Ransomware Vector

SSE-C stands (well, stood) for “Server Side Encryption- Customer-provided keys”. It allowed you to provide an encryption key when you put an object into S3. That key was used by S3 to encrypt the data ...
Bleeping Computer

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption ...