Blog | G5 Cyber Security

MountLocker ransomware gets slimmer, now encrypts fewer files

The new version of MountLocker encrypts files on infected computers using the ChaCha20 stream cipher. The new code is very similar to the old one; the biggest change is the process for deleting volume shadow copies and for terminating processes. 70% of the code in the new version is the same as in the previous version, including the malware's use of the insecure Windows API function GetTickCount to generate a random encryption key (session key). BlackBerry says that the use of the GetTickCount API offers a slim possibility of finding the encryption keys through brute-forcing.
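GetTickCount returns a 32-bit count of milliseconds since boot, so a key seeded from it can be searched when the uptime at encryption time is roughly known. The added example below (not from the article, BlackBerry or the malware) shows such a recovery using a known file header. The SHA-256 key derivation, the zero nonce, the PDF magic and the tick values are constructed assumptions, since the page does not describe MountLocker's actual derivation.

```python
import hashlib, struct

def rotl(v, n):
    return ((v << n) & 0xffffffff) | (v >> (32 - n))

def qr(s, a, b, c, d):  # ChaCha quarter round (RFC 8439, section 2.1)
    s[a] = (s[a] + s[b]) & 0xffffffff; s[d] = rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xffffffff; s[b] = rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xffffffff; s[d] = rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xffffffff; s[b] = rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte ChaCha20 keystream block (32-byte key, 12-byte nonce)."""
    init = list(struct.unpack("<16I", b"expand 32-byte k" + key
                              + struct.pack("<I", counter) + nonce))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        qr(s, 0, 4, 8, 12); qr(s, 1, 5, 9, 13); qr(s, 2, 6, 10, 14); qr(s, 3, 7, 11, 15)
        qr(s, 0, 5, 10, 15); qr(s, 1, 6, 11, 12); qr(s, 2, 7, 8, 13); qr(s, 3, 4, 9, 14)
    return struct.pack("<16I", *((x + y) & 0xffffffff for x, y in zip(s, init)))

def key_from_tick(tick):
    # ASSUMPTION: hypothetical derivation, not MountLocker's real routine.
    return hashlib.sha256(struct.pack("<I", tick & 0xffffffff)).digest()

def encrypt_head(tick, nonce, plaintext):
    """Encrypt up to 64 bytes with the tick-derived key (first block only)."""
    ks = chacha20_block(key_from_tick(tick), 0, nonce)
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def recover_tick(ciphertext, nonce, known_prefix, est_tick, window_ms):
    """Try every tick within +/- window_ms of the estimate; return the match or None."""
    for tick in range(max(0, est_tick - window_ms), est_tick + window_ms + 1):
        ks = chacha20_block(key_from_tick(tick), 0, nonce)
        if all(c ^ k == p for c, k, p in zip(ciphertext, ks, known_prefix)):
            return tick
    return None

# Constructed sample: a file starting with a known magic, encrypted at tick
# 86_403_217 (about one day of uptime). The nonce is assumed to be stored
# alongside the file, so the responder knows it.
NONCE = bytes(12)
MAGIC = b"%PDF-1.7\n"
SAMPLE_CT = encrypt_head(86_403_217, NONCE, MAGIC + b"constructed body")

if __name__ == "__main__":
    # Uptime at encryption estimated to within +/- 2 s, e.g. from event logs.
    print(recover_tick(SAMPLE_CT, NONCE, MAGIC, 86_402_000, 2000))
```

The cost of the search scales with the uncertainty in the uptime estimate, not with the 256-bit key length.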

Source: https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-gets-slimmer-now-encrypts-fewer-files/
