Messages presented by this "ransomware" usually contain warnings that seem to come directly from law enforcement agencies and accuse the user of having downloaded pirated music tracks or movies.
The entity behind the warning and the language used in the message are usually well matched, but as Microsoft researchers have shown, that is not always the case.
In a very recent example, the ransomware authors made quite an effort with HTML style sheets and content in order to trick the users into believing that GEMA (a German music copyright organization) is the author of the warning, but they unexpectedly used the English language for it:
The malware detects the users' IP address and host name, and tries to threaten them into paying a 100 Euros via Paysafecard, a popular European pre-paid electronic payment method. The message also helpfully notes where such a card can be bought.
Once the payment is effected and the password entered, the computer should ideally be "unlocked", but that outcome is by no means certain.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.