Researchers detected the execution of PowerShell scripts that were delivering the ransomware within memory without any executable on disk. It used paste.ee for delivering the loader and ransomware.