According to Trend Micro, attackers are probing a range of S3 setups, from buckets with AWS-managed KMS keys to customer-provided keys, imported key material, and even entirely external key stores.
Why S3 is the new ransomware battleground
On-premise ransomware traditionally involved dropping malware, encrypting desktops or servers, and threatening payment. But as organizations have migrated critical workloads and backups to cloud services, researchers noted, attackers are following the data.
The Trend Micro report lists several prime cloud targets, including compute snapshots, static storage (S3) buckets, databases, containers/registries, and backup vaults. Among these, S3 is especially valuable because it often holds backups, logs, configuration data, and static assets–things an organization most wants back.
