Blue Locker ransomware encrypts its victims' files with AES + RSA and instructs them to contact the operators at grepmord@protonmail.com for ransom negotiations.
The BlackByte ransomware operators leverage ProxyShell Microsoft Exchange vulnerabilities for initial access along with Cobalt Strike for lateral movement.
Moses Staff is a politically motivated ransomware that targets Israeli entities and did not make any ransom demands.
Hello ransomware encrypts user data and asks its victims to contact the operators for ransom negotiation. The hackers also threaten to increase the ransom amount if the victim delays for more than 96 hours.
Hackers skim sensitive information from e-commerce websites by deploying malware dubbed linux_avp, which is written in Golang. Analysis of linux_avp suggests that it serves as a backdoor, waiting for commands from an Alibaba-hosted server, 47.113.202.35.