A recent change to the REvil #ransomware allows the threat actors to automate file encryption via Safe Mode (-smode) after changing Windows passwords.
REvil also recently warned that they would perform DDoS attacks on victims and email victims' business partners.

https://www.bleepingcomputer.com/news/security/revil-ransomware-now-changes-password-to-auto-login-in-safe-mode/