PayloadBIN Ransomware is attributed to the Evil Corp group. In 2019 the government barred negotiation firms from facilitating ransom payments for Evil Corp, they renamed their ransomware operations to different
SplinterJoke Ransomware encrypts user files and data and asks them to contact them for the decryption key. After encryption, it changes the wallpaper of the system saying that this ransomware is a Proof of Concept (POC) for SentinelOne.
Ducky Ransomware encrypts user data and asks them to contact the attacked on Telegram handle duckydecrypt or contact them at email@example.com in 48 hours.
Zeppelin Ransomware is successor of VegaLocker and is written in Delphi. Zeppelin is a highly configurable malware and can be deployed as an EXE, DLL, or wrapped in a PowerShell loader.
Prometheus Ransomware encrypts user data with and ask a ransom of $15000 in Monero (XMR) coins. Attackers threatens to release all the data they claimed to have siphoned off.