AgeLocker use AGE (Actually Good Encryption) algorithm for encrypting victims files on QNAP servers, hence the name AgeLocker. It uses X25519, ChaChar20-Poly1305, and HMAC-SHA256 algorithms which makes it a very secure method to encrypt files.

FIVEHANDS ransomware uses an embedded NTRU public key. This NTRU key is SHA512 hashed and the first 32 bytes are used as the victim ID within the ransom note. This NTRU pubic key is also used to encrypt each file's symmetric key.

DeathRansom encrypts user files with AES and demands a ransom of 0.1 BTC. It deletes volume shadow copies to ensure the data cannot be restored easily. After the DeathRansom performs file encryption, it will drop ransom note named "read_me.txt" in each encrypted file's directory

Qlocker Ransomware locks user files in password protected archives on QNAP server using 7z compression utility. Ransomware author demand a ransom of 0.01 BTC to get a password for their archived files.

Nitro Ransomware encrypts user data and ask them to buy them a Discord gift card worth $9.99 in 3 hours. Although it did not delete any files after 3 hours but they remain encrypted.