RedBoot targets Windows OS and its distribution method is currently unknown. When a system becomes infected, RedBoot extracts 5 files into a random folder within the directory from which the ransomware's executable was launched.
Bit Paymer, sometimes written as BitPaymer, targets Windows OS and is distributed via RDP compromise. Once the hackers behind the campaign gain access to an open and exposed RDP endpoint, they move laterally through the targeted network and manually install Bit Paymer on each system they can access.
Defray targets Windows OS and is distributed via emails containing malicious Microsoft Word attachments. In August 2017, cybersecurity firm Proofpoint detected two small email campaigns containing Defray targeting individuals and distribution lists within the US and UK healthcare and education sectors, as well as the manufacturing and technology sectors.
XData targets Windows OS and its distribution method is currently unknown. Once a system is infected, XData scans for files on local drives and unmapped network shares. It uses the AES encryption algorithm, appends .~xdata~ to the names of encrypted files, and drops a ransom note named HOW_CAN_I_DECRYPT_MY_FILES.txt.
UIWIX was identified a few days after the WannaCry ransomware outbreak that impacted countries and sectors across the globe. Trend Micro obtained a sample and determined that UIWIX uses the same EternalBlue exploit that WannaCry used against a Microsoft Windows Server Message Block (SMB) vulnerability.
WYSIWYE, or What You See Is What You Encrypt, is a Ransomware-as-a-Service (RaaS) tool that is currently being sold to criminals and used to target users in Germany, Belgium, Sweden, and Spain who use Windows OS. It is distributed by malicious actors who conduct brute-force attacks against enabled and exposed Remote Desktop Protocol (RDP) ports.