Saved February 14, 2026
AWS is discontinuing its SSE-C encryption for S3, a feature that allowed users to manage their own encryption keys. While not widely adopted, it was exploited in a ransomware scheme, prompting the decision to remove it. The article outlines alternatives like KMS and client-side encryption.
AWS is discontinuing support for SSE-C (Server Side Encryption with Customer-provided keys) in April 2026. SSE-C allowed users to provide their encryption keys for data stored in S3, but it was rarely used. Its cumbersome implementation required extensive customer management of keys, making it less appealing compared to alternatives like AWS Key Management Service (KMS) and client-side encryption. The author notes that SSE-C's obsolescence is a positive step for security, as it was more of a conceptual tool than a practical solution.
Interestingly, there was a ransomware campaign that exploited SSE-C. Attackers would gain access to AWS credentials, download files, and re-upload them with SSE-C enabled, effectively locking users out and demanding a ransom. This method was particularly insidious because it bypassed typical security measures, as attackers didn't need extensive permissions and the encryption key was never held by AWS. While this tactic wasn't widespread, it highlighted the vulnerabilities associated with using SSE-C.
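The re-upload step of the campaign described above is visible to a defender in CloudTrail S3 data events. This is an added example, not code from the article: it assumes data-event logging is enabled for the bucket and that SSE-C writes show up through the `x-amz-server-side-encryption-customer-algorithm` request parameter or `SSEApplied: SSE_C` (check both against your own trail); the events, ARNs and bucket name are constructed.

```python
from collections import defaultdict

WRITE_EVENTS = {"PutObject", "CopyObject"}
# Assumed field names for SSE-C in CloudTrail S3 data events; verify on your trail.
SSE_C_HEADER = "x-amz-server-side-encryption-customer-algorithm"
CI = "arn:aws:iam::111122223333:user/ci-deploy"     # placeholder principal
APP = "arn:aws:iam::111122223333:role/app-writer"   # placeholder principal

def _ev(time, who, name, key, params=None, extra=None):
    """Build one constructed CloudTrail-style S3 data event."""
    return {"eventTime": time, "eventName": name,
            "userIdentity": {"arn": who},
            "requestParameters": {"bucketName": "example-bucket", "key": key,
                                  **(params or {})},
            "additionalEventData": extra or {}}

# Constructed sample events, not real logs.
SAMPLE_EVENTS = [
    _ev("2025-01-10T02:00:05Z", CI, "GetObject", "reports/q1.csv"),
    _ev("2025-01-10T02:00:09Z", CI, "PutObject", "reports/q1.csv",
        {SSE_C_HEADER: "AES256"}, {"SSEApplied": "SSE_C"}),
    _ev("2025-01-10T02:01:00Z", APP, "PutObject", "logs/app.log",
        {"x-amz-server-side-encryption": "aws:kms"}, {"SSEApplied": "SSE_KMS"}),
    _ev("2025-01-10T02:02:30Z", CI, "PutObject", "reports/q2.csv",
        {SSE_C_HEADER: "AES256"}, {"SSEApplied": "SSE_C"}),
]

def uses_sse_c(event):
    """True when the request carried a customer-provided encryption key."""
    params = event.get("requestParameters") or {}
    extra = event.get("additionalEventData") or {}
    return SSE_C_HEADER in params or extra.get("SSEApplied") == "SSE_C"

def find_sse_c_writes(events):
    """Map principal -> [(bucket, key, read_first)] for every SSE-C write.

    read_first is True when the same principal fetched the same object
    earlier, i.e. the download-then-overwrite pattern."""
    reads, findings = set(), defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        params = ev.get("requestParameters") or {}
        who = ev["userIdentity"]["arn"]
        obj = (params.get("bucketName"), params.get("key"))
        if ev["eventName"] == "GetObject":
            reads.add((who, obj))
        elif ev["eventName"] in WRITE_EVENTS and uses_sse_c(ev):
            findings[who].append((*obj, (who, obj) in reads))
    return dict(findings)
```

In an account with no legitimate SSE-C users, any hit is worth an alert; `read_first` helps rank overwrites of existing data above fresh uploads.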
For those who might still be using SSE-C, the article recommends switching to KMS for most encryption needs, particularly with Customer Managed Keys for compliance. For users requiring complete control over their encryption keys, client-side encryption is the safest option. The author emphasizes that SSE-C was a flawed approach from its inception, and its removal is long overdue.