This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.
Article Link: Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data | Trend Micro (US)