Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking. A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. It exfiltrates information about infected environments, spreads laterally and then waits before striking the operators go on to encrypt files at a later date and time, when the likelihood of the target paying is deemed to be the most likely. The threat is not an automated threat, but rather has humans pulling the reins.
Source: https://threatpost.com/ponyfinal-ransomware-enterprise-servers/156083/