Recently, an adversary named Codefinger showed it could hold victims ransom by encrypting their files in AWS S3 buckets using AWS’s own built-in capabilities to server side encrypt files using a custom provided key, referred to as SSE-C. In exchange for payment, the keys would be given back to the victim to decrypt their data. While this attack is based on an initial credential compromise, the complexity of executing ransomware attacks has significantly decreased given the lack of need for dedicated encryption infrastructure.