Hackers upload pics that contain .hta code which functions somewhat like .exe
When you click the image; the image itself will not download but the malicious .hta code.
This will leave your system vulnerable and your PC gets encrypted. You may then pay for the encryption key to unlock your data again.
This is a well known attack.
The new Html 5 canvas make pictures on the internet a dangerous thing.
Once you are at that point where your data have been encrypted; there is only one thing that can save your data and that is to play back your backup.... or you can pay...
Linux users do not have to fear this since it is targeted at Microsoft code (Windows).
To avoid this:
If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file.
Don’t open any image file with unusual extension (such as SVG, JS or HTA).
More here