
COMING SOONIntermediatePRO
AWS S3 Ransomware: SSE-C Encryption (Codefinger)
Client deliverables and backups at a professional-services firm are silently re-encrypted overnight using a legitimate AWS storage feature. No malware runs on any host. Working through CloudTrail, piece together how stolen service-account keys were used to install a countdown clock and lock every object behind a key only the attacker holds.
40m
7 tasks
50 points
ProLaunches in 5 days
Jul 7, 2026
View Pro plansTuesday, July 7, 2026 at 9:00 AM
Pro unlocks this operation at launch.
Training Tools
Cloud
What you'll investigate
7 objectives unlock when this operation goes live.
1Identify the account used by the attacker
2Find the primary bucket targeted
3Confirm the first attacker egress IP
4Locate the countdown mechanism
5Characterize the encryption method
6Map the initial access to MITRE
7Classify the impact technique
Be first when it launches
Create your account and grab Pro before launch. The moment this operation goes live on Jul 7, 2026, you can jump straight in.
Get Started FreeNo credit card required — free forever