Once you run it, explorer.exe and any other running windows are automatically killed, and a window with Russian text will appear. The text seen when the ransomware is run is in Russian, a translated version says the following:
Your computer is blocked for watching, copying and spreading footage containing pedophilia. For removing the block, you should pay 500 roubles on Beeline number: 79091516876.
The ransomware tells victims to pay 500 roubles under 12 hours, or the computer's data will be deleted.
If the user tries to run taskmgr.exe, task manager will automatically be closed. If the user decides to restart and choose a boot option, the computer will tell to the user to boot with the last time their setting was updated to restore their data. However, there is a special thing about the ransomware: If the user tries to boot into safe mode, the computer will give the user a Blue Screen of Death. If the user enters code and then attempts to boot into safe mode, the computer will not give the blue screen of death, it will just restart automatically.
If the user pays the attacker money, then the attacker normally sends back a code. If a user wants to enter the code (code displayed below), then they should find "Ваш КОД" (Your CODE), enter the code, and click on "Разблокировать" (Unlock) button.
Reloading or turning off computer will result in deleting all data on the hard drive,
The user can get the virus through entering a website meant for downloading porn, illegal or not.
The file is normally named "xxx_porno" and is an executable file.
The password is 123123123