Holding blobs for ransom: Four methods for Azure Storage ransomware
ID: e2de927c-c77e-5ef2-87eb-bfc5f2d36976
STIX ID: report--e2de927c-c77e-5ef2-87eb-bfc5f2d36976
Feed Name: Datadog Security Labs
This report analyzes four methods attackers can use to render Azure Blob Storage data inaccessible—downloading/reuploading blobs to overwrite them, abusing customer-provided encryption keys (CPK), creating/using encryption scopes, and switching storage to customer-managed keys (CMK)—provides example API calls and logging details, cites real-world incidents (BlackCat/Sphynx and Microsoft STORM-0501), highlights detection/logging gaps, and gives mitigation and monitoring recommendations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
