Cybercriminals have launched a new campaign that not only requires the victim to pay a ransom to have their data decrypted, but when the victim is directed to a PayPal account to pay the ransom and get the decryption key to unlock the data, the PayPal account page is fake. When the victim lands on the fake page, the criminals can steal their account login credentials. On top of that, when the victim enters the credit card information on the fake account page to pay the ransom, the cybercriminals steal the credit card information as well.
Please see full publication below for more information.