According to Websense, the attack starts when a user visits a malicious website that exploits a known vulnerability in Microsoft Internet Explorer. The site downloads a Trojan that searches for files with various extensions on the user's system and encrypts them.
The Trojan also sends a message to the user's system with instructions on how to buy a tool to decode the files. The message directs users to deposit money for the tool into an online account.
Symantec rated the attack as a Level One threat - the least serious - but said it illustrates the trend of malware writers teaming with criminals intent on profit.
"The attack is yet another indicator of the growing trend of criminals using technology for financial gain," Oliver Friedrichs, senior manager at Symantec Security Response, said in a statement. "The good news is that this threat is not self-propagating, which limits its ability to spread in the wild."