One of the fascinating character of this ransomware is that this collects the data from the victim’s browser and then uses those data to scam against the victim, this makes the victim believe the fake warning. Instead of showing fake messages like other ransomware this can craft its message according to the victim’s online history and the browsing habits so that it will be more effective.

The main working of this ransomware is similar to the police ransomware it displays the message that will include the victim’s IP address and the URL that are supposedly claimed as containing the illegal contents. The ransomware scans the victim’s browser for information on pornographic material, if the ransomware is able to match it with the victim’s history it will claim that the illegal content was from that particular site and will craft its message according and will demand the ransom. Which makes this ransomware more efficient compared to others of its kind. There are various instances where this was found every time this ransomware used different method for evasion purposes. Finally when all these details are crafted it block the victim from accessing the device and then demands the victim to pay the ransom accordingly. This also disables the task manager and registry editor. Which makes things worse for the victim.