New technique: GCS Ransomware through individual deletion

Open xathrya opened this issue 10 months ago • 2 comments

Similar to AWS S3 ransomware technique but specific to Cloud Storage bucket. Delete each file (and version) on bucket and put ransom note.

This technique is developed as part of Grab's purple teaming activity and we want to share it so more people can get the benefit.

Co-authored-by: Satria Ady Pradana [email protected]

Mar 07 '25 10:03 xathrya

Any reference url of the research blog or threat research with the attack tactic?

May 14 '25 09:05 AnkurYogi

This is porting of AWS ransomware attack but within GCP. In the references I put the blog post that is related to AWS, but still applicable to GCP.

May 15 '25 03:05 xathrya