Philadelphia is an updated version of the Stampado ransomware virus. It is distributed via phishing emails that contain fake late payment notices. These messages, however, include links to the Philadelphia website, which contains a Java application that downloads the ransomware. After a successful infiltration, Philadelphia encrypts various files (e.g. .7z, .avi, .bmp, .doc, etc.) stored on the victim's computer. During the encryption process, Philadelphia changes the name of the encrypted files to a random number of characters and adds the extension ".locked". For example, the encrypted file "sample.jpg" could be renamed to "HJG234B23JKHLK1J32KL1J3LKJOI.locked". After a successful encryption, Philadelphia opens a window that contains a message demanding a ransom.