FIVEHANDS ransomware uses an embedded NTRU public key. This NTRU key is SHA512 hashed and the first 32 bytes are used as the victim ID within the ransom note. This NTRU pubic key is also used to encrypt each file's symmetric key.

DeathRansom encrypts user files with AES and demands a ransom of 0.1 BTC. It deletes volume shadow copies to ensure the data cannot be restored easily. After the DeathRansom performs file encryption, it will drop ransom note named "read_me.txt" in each encrypted file's directory

ToxicEye is remote access trojan written in C# and is controlled via Telegram. Its main know form of proliferation is via phishing email. If victim is successfully tricked into executing its executable it will install itself silently and install other malware.

Qlocker Ransomware locks user files in password protected archives on QNAP server using 7z compression utility. Ransomware author demand a ransom of 0.01 BTC to get a password for their archived files.

Nitro Ransomware encrypts user data and ask them to buy them a Discord gift card worth $9.99 in 3 hours. Although it did not delete any files after 3 hours but they remain encrypted.