HC7, also referred to as HC7 GOTYA, targets Windows OS and is distributed manually via Remote Desktop Protocol (RDP). Once one system is infected, the ransomware uses the PsExec tool to spread to other systems on the network.
Although Ordinypt is classified as a ransomware variant, it actually falls into a new category of destructive malware known as a data wiper. Instead of encrypting files, this program destroys data by replacing file contents with randomly generated uppercase and lowercase letters and numbers.
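
A triage heuristic for the overwrite pattern described for Ordinypt, as an added example that is not part of the original page: it flags files whose sampled content consists only of letters and digits with a near-uniform distribution. The size and entropy thresholds and all function names are assumptions, and the sample data is constructed.

```python
import math
import random
import string
from collections import Counter
from pathlib import Path

ALNUM = (string.ascii_letters + string.digits).encode()
MIN_SIZE = 256     # assumption: smaller samples give an unreliable entropy estimate
MIN_ENTROPY = 5.5  # assumption: uniform choice over 62 symbols is log2(62) ~ 5.95 bits


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    counts, n = Counter(data), len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_overwritten(data: bytes) -> bool:
    """True when content is only [A-Za-z0-9] and close to uniformly random."""
    if len(data) < MIN_SIZE:
        return False
    if data.translate(None, ALNUM):  # anything left is a non-alphanumeric byte
        return False
    return shannon_entropy(data) >= MIN_ENTROPY


def scan(root: Path, sample: int = 65536) -> list[Path]:
    """Return files under root whose first `sample` bytes match the pattern."""
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        try:
            with path.open("rb") as fh:
                if looks_overwritten(fh.read(sample)):
                    hits.append(path)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
    return hits


def constructed_samples() -> dict[str, bytes]:
    """Constructed test data, not taken from any real incident."""
    rng = random.Random(7)
    return {
        "wiped.docx": bytes(rng.choices(ALNUM, k=4096)),   # random letters/digits
        "real.docx": b"PK\x03\x04" + bytes(4092),          # ZIP magic + binary body
        "hexdump.txt": b"deadbeef" * 512,                  # alphanumeric, low entropy
        "notes.txt": b"Quarterly report draft, revision 3.\n" * 20,
    }
```

Hits are candidates for review rather than confirmed damage, since legitimate token or key files can match the same pattern.
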
Bit Paymer, sometimes written as BitPaymer, targets Windows OS and is distributed via RDP compromise. Once the hackers behind the campaign gain access to an open and exposed RDP endpoint, they move laterally through the targeted network and manually install Bit Paymer on each system they can access.
Defray targets Windows OS and is distributed via emails containing malicious Microsoft Word attachments. In August 2017, cybersecurity firm Proofpoint detected two small email campaigns containing Defray targeting individuals and distribution lists within the US and UK healthcare and education sectors, as well as the manufacturing and technology sectors.