Sextortion is malware that tries to convince you that the attacker has compromised your computer and has videos of you visiting adult web sites. The attackers promise not to share the videos with your friends if you pay them money. The videos do not exist, but scared people sometimes pay.
The new variant of the attack tells you to download a sample video to prove their claims.
In fact, the so called video is really malware. The first piece of malware steals your account passwords, files and more. The second piece of malware encrypts your data.
Before downloading the sample video you thought you had a problem. After the download, you really do have a problem.
So, what should you do?
First of all, if you get a threatening email like the above, slow down, take a deep breath and consider things.
For most people – who don’t visit porn sites – keep your curiosity at bay and DELETE the email. DO NOT OPEN THE ATTACHMENT!
I always recommend covering your webcam on your laptop. If you have followed this advice, see the above.
For the very small group of people left, it you think that this video actually may exist, consult an expert. They can safely deconstruct the attachment and figure out if it really what the attacker claims.
Lastly, as I always say, backup early. And often. Preferably multiple copies. If possibly, at least one copy offline. I keep at least one version of my backups in a bank vault. Very hard to hack.
Source: Bleeping Computer.