Rook ransomware encrypts its victims files with AES in ECB mode and instruct them to contact them at rook@onionmail.org for ransom negotiations.

Blue Locker ransomware encrypts its victims files with AES + RSA and instruct them to contact them at grepmord@protonmail.com for ransom negotiations.

The BlackByte ransomware operators leverage ProxyShell Microsoft Exchange vulnerabilities for initial access along with Cobalt Strike for lateral movement.

Moses Staff is a politically motivated ransomware that targets israeli entities and it did not make any ransom demands.

Hello ransomware encrypts user data and asks its victims to contact them for ransom negotiation. Hackers also threatens to increase ransom amount if the victims delays for more than 96 hours.