Memento Ransomware is a python based "utility" that use legitimate WinRAR to do its bidding. Qlocker Ransomware
also did that. Memento Ransomware copies its victims files in an password protected archive skipping encryption altogather and delete the original file using legitimate open source tools. All encrypted files have .vaultz
extension appened to them. Victims were asked to a pay 15.95 BTC for complete recovery or 0.099 BTC per file.
Download Memento Ransomware Sample
Password of the archive is memento-ransomware