This malware blocks user access to the operating system and replaces registry information about the system Explorer process (explorer.exe) with references to itself.
The next time the operating system loads, a banner appears and states that the computer has been blocked due to viewing of pornographic materials. To unblock the computer, the malware asks the user to transfer the amount being extorted by the attacker (the “fine”) to the phone number indicated in the banner.
Geographical distribution of detections during the period from 20 November 2014 to 20 November 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage of all unique Kaspersky users attacked by this malware