The ransomware uses targeted phishing techniques for initial access, as well as to gather credentials from one of the employees of its target company. It then uses RATs to gain privileged access and move laterally within its target network.