Experts say fake sites use names that indicate the presence of erotic content: nude-girlss.mywire.org, sexyphotos.kozow.com and sexy-photo.online. They allow visitors to download the SexyPhotos.JPG.exe executable disguised as an image.
If you open the downloaded file, malicious executables will be copied to the system. As a result, all files on the computer are renamed Lock_0.fille. The original names cannot be restored. In the generated Readme.txt file, the attackers demand to pay hundreds of dollars in bitcoin, otherwise the files will be deleted. Experts urge not to comply with these requirements, most likely the files have already been irretrievably lost.
Source: Ferra
