Editor's note: This blog originally ran on Chubb's Risk Conversation.

CryptoLocker? It sounds like something out of a sci-fi film.

We've all heard about corporate executives who have been kidnapped and held for ransom. But did you know that your computer files can be "kidnapped" and held for ransom too?

The new and particularly devious threat, called CryptoLocker, takes the age-old concept of kidnapping into the cyber world. CryptoLocker essentially holds your computer hostage, encrypting your files and rendering them unusable until you pay a ransom. The "ransomware" typically arrives through an email attachment, often a fake FedEx or UPS tracking notice.

Once it encrypts the files, CryptoLocker demands payment via Bitcoin or MoneyPak and installs a countdown clock that ticks backwards from 72 hours. Those who let the timer expire before paying risk losing access to their files forever.

Dell SecureWorks estimates that up to 250,000 systems were infected globally in the first 100 days of the threat, first detected in September 2013. Countries with the top infection rates were the United States, Great Britain, Australia and France. The average ransom is about $300.

Many businesses and organizations are unprepared for this threat.

The Swansea Police Department in Massachusetts, for instance, paid a two-Bitcoin ransom, worth about $750, to decrypt images and Word documents after its systems became infected with CryptoLocker in November 2013.

In North Carolina, a law firm lost access to thousands of legal documents in February when it became a CryptoLocker target. The malware came in an email attachment that looked like it was from the firm's phone system, which sends voice mail messages as attachments. The firm attempted to pay the $300 ransom but it was too late.

While small businesses have been the primary targets so far, the criminals behind the scam could become more ambitious and begin targeting larger businesses and raising their ransom demands as well. Businesses large and small need to be aware of the CryptoLocker threat and take steps to protect themselves.

Before an incident occurs, reach out to computer consultants to learn how to strengthen your computer defenses. Find out what other layers of security protection you need, whether it's an enhanced firewall, better passwords or better staff training about the dangers of email attachments.

Businesses also should be prepared to act quickly in case they do become CryptoLocker targets. Establish a relationship with consultants ahead of time and know who to call in case of an attack when time is of the essence.
