RegretLocker uses a special technique to mount the virtual disk file to individually encrypt each of its files. RegretLocker uses the Windows Virtual Storage API OpenVirtualDisk, AttachVirtualDisk, GetVirtualDiskPhysicalPath to mount virtual disks.

RansomEXX encrypt its victim files with 256-bit key using AES block cipher in ECB mode. The AES key is encrypted by a public RSA-4096 key embedded in the code and appended to each encrypted file. It is initially targeted toward Texas Department of Transportation.

Avaddon ransomware encrypts user data using AES-256 + RSA-2048, and then requires a ransom of $150 to $350 or more in BTC in order to return the files.

PonyFinal is a Java based ransomware that is deployed in human operated ransomware attacks. While Java based ransomware are not unheard of, they are not as common as other threat file types. However, organizations should focus less on this payload and more on how it's delivered.

FUCKUNICORN ransomware threatens pharmacies and medical businesses. It tries to convince the user to download an executable file and run it on their computer, with the promise of offering the beta version of the IMMUNI app and have first-hand data of COVID-19 updated in real time regarding the situations of contagion in your region.