The new cryptolocker named as Octopus derived from the Serpent/Zyklon/WildFire/HadesLocker family shows that .NET ransomware can be not an easy meat for a reverse engineer. It utilizes heavy obfuscation and code encryption to hide its C# code.
See our analysis in the Acronis blog: https://www.acronis.com/en-us/blog/posts/serpent-pretends-be-octopus-new-step-zyklon-ransomware-evolution
Article Link: http://nioguard.blogspot.com/2017/08/serpent-ransomware-analysis.html