Researchers are tracking the Browlock ransomware family that spreads by tricking unsuspecting web surfers into believing the police are after them.
The new malware has been found on machines in the United States, Canada and Britain and was thought to operate out of a server in St. Petersburg, Russia.
Victim screens become locked when users visited a compromised site and displayed a message from various regional federal authorities.
The message in typical fashion claimed users violated copyright or child exploitation laws or had simply allowed their computer to run malware and must pay a $300 fee.
"This ransomware is very simple, and just uses the browser to display a lock screen demanding the victim to pay a fake fine and plays tricks to prevent closing the browser tab," F-Secure Labs said in a post.
The FBI estimated criminals profit roughly $150 million annually through widespread ransomware scams.
Removal of antivirus could require simple antivirus or may require an operating system to be reinstalled.
Users should ensure their critical data is backed up on offline storage media to ensure ransomware does not lock connected drives.