BTCWare, also known as CrptXXX and CryptoByte, targets Windows OS and is distributed manually via Remote Desktop Protocol (RDP) compromise.
Extensions appended to encrypted file names:
.btcware, .cryptobyte, .cryptowin, .[email@example.com].theva, .onyon
Ransom note file names:
#_HOW_TO_FIX_!.hta, READ ME.txt, #_HOW_TO_FIX.inf, .!#_DECRYPT_#!.inf
Email addresses associated with BTCWare:
firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, decrypt
Telegram usernames associated with BTCWare:
Malware executables associated with BTCWare:
mfskskfkls.exe, <ransom>.exe, czsdxxs.exe
UPDATE 5/16/2017: The BTCWare master key was released, and the free decryption tool linked below has been updated to cover most versions of this variant.