The suspect distributed/sent an email to the victim containing a link that directed the victim to click on the link and the victim's computer (web mail server) installed Cryptolocker which caused the mail server system of a company in the United States to be encrypted and the suspect demanded ransom in the form of crypto currency. Bitcoins so that the web mail server system can function again.

With this modus operandi, the suspect distributed it to 500 other email accounts located abroad, one of the victims was a company in San Antonio - Texas, United States. The suspect sent a link via email to one of the employees at the company who directed to a link containing a Cryptolocker, after the victim clicked on the link, the company's mail server system in the USA was encrypted by the Cryptolocker.

After that, a display appears on the victim's computer screen containing a message in the form of if the victim does not pay attention to the message, the victim's data will be deleted within 3 days and the victim is asked to contact the perpetrator's email. After a conversation between the victim and the perpetrator, the victim finally sent a number of Bitcoins to the perpetrator's wallet account.