Skip to main content
AWS S3 Ransomware: SSE-C Encryption (Codefinger) operation cover
COMING SOONIntermediatePRO

AWS S3 Ransomware: SSE-C Encryption (Codefinger)

Client deliverables and backups at a professional-services firm are silently re-encrypted overnight using a legitimate AWS storage feature. No malware runs on any host. Working through CloudTrail, piece together how stolen service-account keys were used to install a countdown clock and lock every object behind a key only the attacker holds.

40m
7 tasks
50 points
Pro

Launches in 5 days

Jul 7, 2026

Tuesday, July 7, 2026 at 9:00 AM

View Pro plans

Pro unlocks this operation at launch.

Training Tools

Cloud

What you'll investigate

7 objectives unlock when this operation goes live.

1Identify the account used by the attacker
2Find the primary bucket targeted
3Confirm the first attacker egress IP
4Locate the countdown mechanism
5Characterize the encryption method
6Map the initial access to MITRE
7Classify the impact technique

Be first when it launches

Create your account and grab Pro before launch. The moment this operation goes live on Jul 7, 2026, you can jump straight in.

Get Started Free

No credit card required — free forever