The ransomware, also known as Netwalker, targets corporate networks and encrypts all Microsoft Windows systems found. The malware was detected in August 2019 and new variants have been discovered throughout the year, including in 2020. The ransomware adds a random extension to infected files and uses Salsa20 encryption. The ransomware has added a new defense evasion technique known as reflexive DLL loading to inject a DLL from memory.