Why Codefinger represents a new stage in the evolution of ransomware

To prove the point, here’s a look at why Codefinger is so significant and which measures organizations should take to avoid falling victim to the next generation of ransomware attacks.

What is Codefinger?

The Codefinger breach, which was announced in early 2025, targeted key credentials for storage buckets on Amazon S3, a popular cloud-based storage service. After stealing victims’ S3 keys, threat actors associated with the Codefinger group (hence the ransomware attack’s name) used them to encrypt the data stored in the targets’ S3 buckets and demanded a ransom to release it.

The underlying mistake that exposed organizations to attack was poor key management. Software developers who used S3 keys as part of their workflows didn’t store the keys in a secure location, which left them accessible to attackers.
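Keys left in source files or scripts can be found by the organization before anyone else finds them. The Python sketch below is an added example, not part of the original article: it scans text for AWS access key IDs and reports whether a likely secret access key sits within a couple of lines. The function names and sample file are constructed for illustration, and the key values are the placeholder credentials AWS uses in its own documentation.

```python
import math
import re

# Access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys: exactly 40 characters from the base64 alphabet.
SECRET = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

# Constructed sample file; the key values are AWS's documentation placeholders.
SAMPLE = '''\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
commit = "0123456789abcdef0123456789abcdef01234567"
'''


def entropy(s):
    """Shannon entropy of s in bits per character."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)


def has_secret(line, min_entropy):
    """True if the line holds a 40-character token that looks random."""
    return any(entropy(m.group(0)) >= min_entropy for m in SECRET.finditer(line))


def scan(text, path="<input>", window=2, min_entropy=4.0):
    """Report each key ID and the line of a likely secret key near it.

    A 40-character hex string (such as a git commit hash) always scores
    below 4.0 bits per character, so the default threshold skips it.
    """
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for m in KEY_ID.finditer(line):
            lo, hi = max(0, i - window), min(len(lines), i + window + 1)
            near = [j + 1 for j in range(lo, hi) if has_secret(lines[j], min_entropy)]
            findings.append({"path": path, "line": i + 1, "key_id": m.group(0),
                             "secret_line": near[0] if near else None})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE, "deploy.py"):
        print(f)
```

A finding with a non-empty `secret_line` means a complete key pair is sitting in the file; the key should be rotated and moved into a secrets manager rather than just deleted from the source.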