A web page pretending to offer an official application from PayPal is spreading a new variant of Nemty ransomware to unsuspecting users. The fake PayPal page promises to return 3-5% of purchases made through the payment system. The malicious executable is detected by most popular antivirus products on the market. The ransom demand was 0.09981 BTC, which is about $1,000, and the payment portal is hosted on the Tor network for anonymity. The malware is now at version 1.4, which comes with minor bug fixes.
Source: https://www.bleepingcomputer.com/news/security/fake-paypal-site-spreads-nemty-ransomware/

