From www.bleepingcomputer.com: A ransomware campaign has emerged that exploits Amazon Web Services’ Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt S3 buckets, making recovery impossible without the decryption key held by the attackers.
The threat actor known as “Codefinger” uses compromised AWS credentials to encrypt victims’ data, then demands a ransom paid in Bitcoin for the key needed to regain access.
Halcyon, which discovered this tactic, recommends that AWS customers restrict SSE-C usage, disable unused keys, and maintain strict account permissions to defend against such attacks.
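
One way to act on the "restrict SSE-C usage" recommendation is a bucket policy that denies writes carrying SSE-C headers. The following is an added example, not code from the article or from Halcyon; the bucket name, the `Sid`, the account ID and the `blocks_sse_c` audit helper are assumptions, while the condition key is the real S3 one.

```python
import json

# Real S3 condition key; set only when a request carries SSE-C headers.
SSE_C_KEY = "s3:x-amz-server-side-encryption-customer-algorithm"

def deny_sse_c_policy(bucket):
    """Bucket policy rejecting any s3:PutObject request that uses SSE-C."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenySSECUploads",  # constructed label
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            # Null=false matches when the SSE-C header IS present.
            "Condition": {"Null": {SSE_C_KEY: "false"}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def blocks_sse_c(policy, bucket):
    """True if some statement denies SSE-C writes for all principals and objects."""
    resource = f"arn:aws:s3:::{bucket}/*"
    for st in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        null = {k.lower(): str(v).lower()
                for k, v in st.get("Condition", {}).get("Null", {}).items()}
        if (st.get("Effect") == "Deny"
                and st.get("Principal") in ("*", {"AWS": "*"})
                and actions & {"s3:putobject", "s3:*", "*"}
                and resource in _as_list(st.get("Resource", []))
                # Any extra condition would narrow the deny, so require exactly one.
                and list(st.get("Condition", {})) == ["Null"]
                and null == {SSE_C_KEY: "false"}):
            return True
    return False

if __name__ == "__main__":
    bucket = "example-bucket"  # constructed name
    # Constructed weak policy: the deny applies to a single role only.
    weak = deny_sse_c_policy(bucket)
    weak["Statement"][0]["Principal"] = {"AWS": "arn:aws:iam::111122223333:role/app"}
    print(json.dumps(deny_sse_c_policy(bucket), indent=2))
    print("strict policy blocks SSE-C:", blocks_sse_c(deny_sse_c_policy(bucket), bucket))
    print("weak policy blocks SSE-C:  ", blocks_sse_c(weak, bucket))
```

The audit is deliberately conservative: a deny scoped to one principal, one prefix, or gated by an additional condition is reported as not blocking SSE-C.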