Ranzy Locker Ransomware is the successor of Ako Ransomware and ThunderX Ransomware. Update version contains a better encryption as ThunderX decryption tool became available at NoMoreRansom project's website. Beside enhancement in encryption and methods of ex-filtration, and the (now commonplace) use of a public "leak blog" to post victim data for those who do not comply with the ransom demand.
DarkSide ransomware highly selective and targeted toward its victims. Its victims are business users and enterprise data with it encrypts their data with Salsa20 + RSA-1024 and then demands a multi-million dollar in BTC as ransom to get the files back.
Egregor Ransomware is the successor of Maze Ransomware and Sekhmet Ransomware. Egregor ransomware allegedly compromise and steal data from more than 50 companies including the big fishes like Crytek, Ubisoft, Foxtons Group and Barnes and Noble.
Pay2Key Ransomware apparently target towards business in Brazil and Israel. It looks for open RDP ports and swiftly spreads in entire network with in one hour.
RegretLocker uses a special technique to mount the virtual disk file to individually encrypt each of its files. RegretLocker uses the Windows Virtual Storage API OpenVirtualDisk, AttachVirtualDisk, GetVirtualDiskPhysicalPath to mount virtual disks.
