Malicious Encryption Protection

How does Wasabi protect against malicious encryption?

Wasabi supports the HTTPS protocol for encryption during data transmission to and from Wasabi. There are several ways to ensure that you are protected from malicious encryption of your data:

If you use third-party tools to interact with Wasabi, contact the developers to confirm that their tools also support the HTTPS protocol.

• If you require encryption for data at rest, Wasabi supports server-side encryption (SSE). The SSE options include SSE-S3 (using AES256 encryption - X-Amz-Server-Side-Encryption: AES256) and SSE-C (customer-based key - X-Amz-Server-Side-Encryption-Customer-Key). You can specify the SSE parameters using your S3 client application when you write objects to the bucket.

• You can restrict access to your data using IAM policies that specify the users who can access specific buckets and objects. IAM policies provide a programmatic way to manage S3 permissions for multiple users.

• You can sign up for Wasabi Direct Connect options to prevent exposure to the public internet when transferring and receiving data. Wasabi Direct Connect and AWS Direct Connect are connectivity options used for high-speed, dedicated connections to the Wasabi service.