Amazon cloud users have recently become targets of a ransomware strain known as Codefinger, specifically designed to exploit Amazon Web Services (AWS) environments. According to the Halcyon Threat Research and Intelligence team, Codefinger takes advantage of AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C) to encrypt user data. The attackers then demand payment in exchange for the AES-256 keys required to decrypt the data.