SyncCrypt targets Windows OS and is distributed via malicious email attachments containing a Windows Script File (WSF). This variant uses steganography to evade detection and infect victims.
XData targets Windows OS and its distribution method is currently unknown. Once a system is infected, XData scans for files on local drives and unmapped network shares. It uses the AES encryption algorithm, appends .~xdata~ to the names of encrypted files, and drops a ransom note named HOW_CAN_I_DECRYPT_MY_FILES.txt.
UIWIX was identified a few days after the WannaCry ransomware outbreak that impacted countries and sectors across the globe. Trend Micro obtained a sample and determined that UIWIX uses the same EternalBlue exploit that WannaCry used against Microsoft Windows Server Message Block (SMB) vulnerability.
WYSIWYE, or What You See Is What You Encrypt, is a Ransomware-as-a-Service (RaaS) tool that is currently being sold to criminals and used to target users in Germany, Belgium, Sweden, and Spain who use Windows OS. It is distributed by malicious actors who conduct brute-force attacks against enabled and exposed Remote Desktop Protocol (RDP) ports.
ZipLocker targets Windows OS and its distribution method is currently unknown. Instead of more traditional methods of encryption used by other ransomware variants, ZipLocker zips up all targeted files into a password-protected ZIP archive with the following naming convention: [original_file_name]+locked.zip.