A group of cyber-criminals has been breaking into unsecured enterprise servers via RDP brute-force attacks and manually installing a new type of ransomware called LockCrypt. The LockCrypt gang usually breaks into one server, moves laterally to as many machines as possible, and manually runs the LockCrypt ransomware on each system. To decrypt locked data, victims must pay between $3,500 and $7,000 per machine. Attackers hit companies in countries such as the US, UK, South Africa, India, and the Philippines.
Source: https://www.bleepingcomputer.com/news/security/lockcrypt-ransomware-crew-started-via-satan-raas-now-deploying-their-own-strain/