Traditional ransomware has become a popular tool for cybercriminals to make money and has cost a variety of industries hundreds of millions to billions of dollars in recent years. As trends change and corporations move from traditional data centers to cloud environments like AWS, GCP and Azure, adversaries are adapting their techniques to match the new climate. Because of this, attackers abusing cloud APIs rather than host/network-based commands are becoming more prevalent. This talk explores the services most likely to be targeted by ransomware in AWS cloud, the techniques that attackers may use, and the preventative/detective measures that assist the blue team.