A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems. The list of Ryuk blacklisted folders are: boot boot, boot dev etc lib initrd sbin sbin. The City of New Orleans was infected by Ryuk using an executable named v2.exe. The new version would no longer encrypt folders that are associated with NIX operating system folders. The goal of most successful ransomware is to encrypt a victim’s data, but not affect the functionality of the operating system.
Source: https://www.bleepingcomputer.com/news/security/ryuk-ransomware-stops-encrypting-linux-folders/