Add s3 Ransomware Article

[Frichetten]

VX-Underground raised some awareness about S3 ransomware capabilities. I think this is an indicator that the general security community is unaware that S3 ransomware is a real thing you can do and as a result, it would be good to share info about it. I'm particularly interested in methods that are irreversible for AWS to fix as that is clearly the most harmful.

References:

• https://medium.com/@harsh8v/redefining-ransomware-attacks-on-aws-using-aws-kms-xks-dea668633802
• https://www.paloaltonetworks.com/blog/prisma-cloud/ransomware-data-protection-cloud/
• https://www.chrisfarris.com/post/effective-aws-ransomware/
• https://www.vectra.ai/resources/cloud-native-ransomware-how-attacks-on-availability-leverage-cloud-services

[Frichetten]

Some more refernces:

• https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
• https://www.forbes.com/sites/daveywinder/2025/01/15/new-amazon-ransomware-attack-recovery-impossible-without-payment/

[bleonproko]

I am also writing an article that will put together different ways on how these attacks are done and what can be done against them, which I will also share on HackingTheCloud