A malicious file masquerading as Windows Security Scanner is being distributed via spam and demands a ransom despite corrupting files and making them unrecoverable. The file is delivered by a link in an email claiming that a virus has been detected on the victim’s computer and they need to run a security scanner. The link leads to the download of a ZIP archive containing the main payload and several additional executable in a hidden folder. The malware attempts to distract the victim with a fake installation progress bar. In the background, files in the Users folder are targeted by the supposed ransomware. However, instead of implementing an encryption algorithm like most ransomware, this malware removes the first line of targeted files. The method used by the ransomware author to do this ends up corrupting any binary files. Because of this, the malware acts more like a wiper than ransomware, so paying the requested ransom will not result in a decryption key capable of recovering files.