Hot take:
Too much emphasis is put on what flavor of locker is being used in ransomware operations. Lockers aren’t particularly interesting imo. Maybe to someone studying speed or efficiency, but in general they aren’t really that special.
1. Find folders and files, create index, populate tocrypt.
(Staging and exfil happen here)
2. Create threads to handle the following:
   a.) read byte stream
   b.) crypt
   c.) write file
   d.) delete original file
   e.) if tocrypt eq done: write note buffer to folder.
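
Seen from the detection side, the sequence above leaves the same file-activity pattern whatever the locker is called. The following is an added example, not part of the original post: it scans constructed file events for a process that reads a file, writes a new file beside it, deletes the original, and drops one identically named file into several folders. The event format, the function name `find_locker_like`, the thresholds, the `.locked` extension and the note name are all assumptions made for the sample.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed file-activity events (pid, operation, path); not real telemetry.
# The ".locked" extension and the note file name are made up for this sample.
SAMPLE_EVENTS = [(77, "read", "/srv/share/a/report.docx"),
                 (77, "write", "/backup/daily.tar"),
                 (88, "read", "/srv/share/a/notes.txt"),
                 (88, "write", "/srv/share/a/notes.txt")]
for _d, _f in [("a", "report.docx"), ("a", "budget.xlsx"), ("b", "db.bak"), ("b", "photo.jpg")]:
    _p = f"/srv/share/{_d}/{_f}"
    SAMPLE_EVENTS += [(410, "read", _p), (410, "write", _p + ".locked"), (410, "delete", _p)]
SAMPLE_EVENTS += [(410, "write", f"/srv/share/{d}/README_RESTORE.txt") for d in ("a", "b")]


def find_locker_like(events, min_replaced=3, min_note_dirs=2):
    """Return {pid: evidence} for processes matching the read/write/delete/note pattern."""
    read_seen = defaultdict(set)    # pid -> paths the process has read
    new_in_dir = defaultdict(set)   # pid -> dirs where it wrote a file it had not read
    replaced = defaultdict(set)     # pid -> originals read, rewritten nearby, then deleted
    name_dirs = defaultdict(lambda: defaultdict(set))  # pid -> file name -> dirs written
    for pid, op, path in events:
        p = PurePosixPath(path)
        parent = str(p.parent)
        if op == "read":
            read_seen[pid].add(path)
        elif op == "write":
            name_dirs[pid][p.name].add(parent)
            if path not in read_seen[pid]:
                new_in_dir[pid].add(parent)
        elif op == "delete":
            # Steps a-d: original was read, a new file appeared beside it, original removed.
            if path in read_seen[pid] and parent in new_in_dir[pid]:
                replaced[pid].add(path)
    hits = {}
    for pid, originals in replaced.items():
        if len(originals) < min_replaced:
            continue
        # Step e: the same file name dropped into several folders looks like a note.
        notes = sorted(n for n, dirs in name_dirs[pid].items() if len(dirs) >= min_note_dirs)
        hits[pid] = {"replaced": len(originals), "note_names": notes}
    return hits


if __name__ == "__main__":
    print(find_locker_like(SAMPLE_EVENTS))
```

In the sample, the backup job (pid 77) and the in-place save (pid 88) are not flagged because neither deletes an original after writing a new file beside it.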