Better file selection (e.g., excluding system files)

More efficient encryption

A user interface for displaying the ransom demand

The ability to send the encrypted files to the attacker

The ability to decrypt the files if the ransom is paid