I'll use one example from a recent invasion. They deployed what looked to be ransomware that was encrypting the system and saying, “Your system is now locked down and your data's encrypted. You now need to pay us x dollars.” Behind it, they were actually deploying wiper malware to destroy all the data.
It's always on a case-by-case basis. Russia in particular uses it to target specific systems and organizations during their invasions, while traditionally it's been used with the intelligence services in various ways to extort money.