Cerber ransomware encrypts Windows and Linux machines by exploiting remote code execution vulnerabilities in Atlassian Confluence (CVE-2021-26084) and GitLab (CVE-2021-22205) servers.
Rook ransomware encrypts its victims' files with AES in ECB mode and instructs them to contact the operators at rook@onionmail.org for ransom negotiations.
Blue Locker ransomware encrypts its victims' files with AES + RSA and instructs them to contact the operators at grepmord@protonmail.com for ransom negotiations.
The BlackByte ransomware operators leverage ProxyShell Microsoft Exchange vulnerabilities for initial access along with Cobalt Strike for lateral movement.
Moses Staff is a politically motivated ransomware that targets Israeli entities; it did not make any ransom demands.