A new ransomware group called Memento takes the unusual approach of locking files inside password-protected archives after their encryption method kept being detected by security software. Last month, the group became active when they began exploiting a VMware vCenter Server web client flaw for the initial access to victims’ networks. The group used WinRAR to create an archive of the stolen files and exfiltrate it. The ransom note that is dropped demands the victim pay 15.95 BTC ($940,000) for complete recovery or 0.099 BTC per file.”]