Product
high
advisory
AWS Backup Recovery Point Deletion as Anti-Recovery Tactic
1 rule 1 TTPAdversaries are leveraging the AWS Backup `DeleteRecoveryPoint` API call by non-service principals to remove critical data backups, a high-signal anti-recovery technique observed in ransomware and data-destruction attacks that prevents victims from restoring associated data.
AWS Backup
cloud
aws
anti-recovery
ransomware
data-destruction
1r
1t
high
advisory
AWS Backup Vault Deleted or Vault Lock Removed
1 rule 2 TTPsAn adversary is detected performing anti-recovery actions in AWS Backup by deleting backup vaults or removing their Vault Lock configurations via the DeleteBackupVault or DeleteBackupVaultLockConfiguration API calls, serving as a strong precursor to ransomware or data destruction, preventing organizations from restoring critical data.
AWS Backup
cloud-security
aws
anti-recovery
defense-evasion
impact
1r
2t