Detection & Evasion

What about attacks that use no ransomware binary, such as the Codefinger attack?

In January 2025, attackers used compromised AWS credentials to encrypt S3 bucket data with AWS’s own SSE-C encryption and an attacker-held key. No ransomware binary executed and no endpoint was involved. Because Elastio inspects the data itself rather than the process that encrypted it, attacks like this are still detectable.

Last updated May 27, 2026

Related terms

Deep File Inspection

Related Elastio resources

Solution briefSecure S3 with Advanced Ransomware and Malware Scanning BlogWhat Happens When Attackers Encrypt Your Data Off Platform?

See how Elastio proves clean recovery

Elastio hunts for ransomware inside your live, replicated, and backup data and pinpoints the last recovery point proven clean.

Explore the platform Request a demo

Related questions

What threats besides ransomware does Elastio find?Why is anomaly or entropy detection not enough?What results has Elastio seen across customers?How does ransomware bypass security?What is ransomware prevention?What file extensions does ransomware leave or change?

PreviousCan Elastio detect insider threats?NextWhat threats besides ransomware does Elastio find?