The ransomware attempts to scare victims by pretending to belong to the local police with the ransom note stating that the user has violated the law. Kovter has also been seen performing click fraud from the user's machine, using registry keys and PowerShell to run without a single file on disk, and using various obfuscation techniques to avoid detection.