Ransomware Codefinger Attacks AWS Users, Kaspersky Reveals Its Prevention Steps

JAKARTA - A report by the research institute Halycon published on January 13, found a ransomware attack called Codefinger, which has been confirmed to attack users of the Amazon Web Services (AWS) S3 platform.

The findings highlight that many users have the potential to be at risk of being exposed to new attacks, as AWS keys that are compromised or disclosed to the public (or credentials) can serve as entry points for cyberattacks.

Based on data from Kaspersky Digital Footprint Intelligence, in the first two weeks of January 2025 alone, more than 100 unique accounts for the AWS platform have been compromised and published on the dark web.

Responding to the issue, Kaspersky said that although AWS credentials are on an alarming scale, these risks can be managed through proactive security practices.

The global cybersecurity company also advises users to be careful when downloading files from unknown or unknown sources, ensuring all devices are protected with reliable and up-to-date security solutions, and avoiding sharing sensitive information publicly.

Don't forget to also maintain separate credentials for various services and enable multifactor authentication (MFA) is an important step to improve security.

"Organization can also take proactive action by scanning the scope of the dark web for exposed credentials and immediately changing the credentials found when infiltrated," Kaspersky said in a written statement quoted Monday, January 20.

Also, updating passwords and access keys regularly, combined with the use of password management tools, is a good practice to strengthen defense.

In addition, adopting role-based access management and complying with the principle of the lowest privilege can minimize the impact of potential violations.

"By following these recommendations, users and organizations can significantly reduce the chances of becoming victims of threats such as Codefinger and similar attacks," he concluded.