I was trying to find a crack for the app, Seer and made the mistake of running them withought a sandbox.
The program ran a crypto miner which kept getting blocked by my firewall. But in the background my files were being renamed to .koom. Luckily I caught it as well as restored from backups within a hr.
I only run simplewall and no AV so if I make a mistake like that I'm pretty screwed. (Looking at moving to Malwarebytes premium.)
TLDR: Use a sandbox and have quality backups with versioning.