XData targets Windows OS and its distribution method is currently unknown. Once a system is infected, XData scans for files on local drives and unmapped network shares. It uses the AES encryption algorithm, appends .~xdata~ to the names of encrypted files, and drops a ransom note named HOW_CAN_I_DECRYPT_MY_FILES.txt.
UIWIX was identified a few days after the WannaCry ransomware outbreak that impacted countries and sectors across the globe. Trend Micro obtained a sample and determined that UIWIX uses the same EternalBlue exploit that WannaCry used against Microsoft Windows Server Message Block (SMB) vulnerability.
WYSIWYE, or What You See Is What You Encrypt, is a Ransomware-as-a-Service (RaaS) tool that is currently being sold to criminals and used to target users in Germany, Belgium, Sweden, and Spain who use Windows OS. It is distributed by malicious actors who conduct brute-force attacks against enabled and exposed Remote Desktop Protocol (RDP) ports.
ZipLocker targets Windows OS and its distribution method is currently unknown. Instead of more traditional methods of encryption used by other ransomware variants, ZipLocker zips up all targeted files into a password-protected ZIP archive with the following naming convention: [original_file_name]+locked.zip.
Matrix, first discovered in March 2017, targets Windows OS and is distributed via the RIG EK by the EITest campaign. When a victim visits a compromised website that has had EITest scripts injected into the site's code, the EITest scripts load a RIG iframe that attempts to exploit vulnerable software on the victim's computer in order to install the Matrix ransomware variant.
PyCL targets Windows OS and is distributed via an EITest Flash-based redirection that leads to the RIG EK. The security researchers who discovered this variant observed that it was only distributed for one day and noted that it does not securely encrypt files, leading them to believe that this indicated a "test-run" conducted by the malware authors.