Ragnar Locker Ransomware (not to be confused with Ragnarok Ransomware) is designed to kill the services of several managed service providers (MSP) products including remote management software (RMM) and remote admin tools by PulseWay, LogMeIn, ConnectWise, SplashTop, and Kaseya.

HorseDeal ransomware exploits the newly discovered vulnerability in Microsoft Windows CryptoAPI's (Crypt32.dll) verification procedure fro Elliptic Curve Cryptography (ECC) certificates. This vulnerability is also know as Curveball or Chain of Fools Vulnerability.

Nodera Ransomware written is Node.js framework (framework used to create web applications in JavaScript). Writing malware in Node.js is an usual choice. Nodera affect Windows operating systems and it appeared to be still in development phase.

Snake Ransomware, a new family of ransomwares like Ryuk, Maze, REvil. It written in GoLang, an opensource language, which is becoming popular among exploit writers. It encrypts data of its victim and appended EKANS and the end of the file.

Ragnarok Ransomware authors target Citrix ADC servers that are vulnerable to CVE-2019-19781. After they gain a foot hold, additional modules are downloaded to exploited server to scan for Windows computers on the network that are vulnerable to the EternalBlue.