DeathRansom encrypts user files with AES and demands a ransom of 0.1 BTC. It deletes volume shadow copies to ensure the data cannot be restored easily. After the DeathRansom performs file encryption, it will drop ransom note named "read_me.txt" in each encrypted file's directory
ToxicEye is remote access trojan written in C# and is controlled via Telegram. Its main know form of proliferation is via phishing email. If victim is successfully tricked into executing its executable it will install itself silently and install other malware.
Nitro Ransomware encrypts user data and ask them to buy them a Discord gift card worth $9.99 in 3 hours. Although it did not delete any files after 3 hours but they remain encrypted.
ATMTest is a multi-stage infection in 2018. It requires console access to the ATM, meaning the attackers have to gain remote access to the bank's networks.
The ATMSpitter family consists of command-line tools designed to control the cash dispenser of an ATM through function calls to either CSCWCNG.dll or MFSXFS.dll.