Sigrun creates ransom notes named RESTORE-SIGRUN.txt and RESTORE-SIGRUN.html in every folder where files have been encrypted and appends .sigrun to the names of encrypted files.
MoneroPay targets Windows OS and was initially distributed on the BitCoinTalk Forum through malicious links in posts advertising a digital wallet for a supposedly new cryptocurrency called SpriteCoin. In reality, though, SpriteCoin is a fictional cryptocurrency conjured up by those behind this ransomware campaign for the purpose of tricking cryptocurrency enthusiasts and investors into installing the ransomware.
Although Ordinypt is classified as a ransomware variant, it is actually falls into a new category of destructive malware known as a data wiper. Instead of encrypting files, this program actually destroys data by replacing file contents with randomly generated uppercase and lowercase letters and numbers.