About S3 Ransomware

I have been engineering solutions based on Amazon S3 for many years. I firmly believe that S3 is one of the most significant advancements in the IT industry over the past two decades. Its design, programmability, and ability to raise events and implement sophisticated choreographies are unparalleled.

I have used S3 to design extremely secure solutions for the most sensitive information I was called to protect: solutions capable of scaling up to theoretically infinite capacity, all on demand, with redundancy, WORM compliance, and so on. I am sure many of you know the service and understand that the only limit with AWS S3 is your ability to design solutions; all the rest is there.

The service is simply outstanding but, all in all, S3 is a storage solution. As such, it is subject to the typical attacks any storage solution can face. One of them is a new trend: ransom attacks on S3 storage.

This article introduces the concept of ransomware attacks on S3:

https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c

This article provides insights on how to detect and respond to these attacks:

https://raphabot.com/articles/simulating-detecting-and-responding-s3-ransomware/

I believe that all architects, practitioners, and developers should be aware of these implications and countermeasures.
