The ransomware Cryptowall 3 is being distributed through a malvertising campaign involving an exploitative Flash file, according to the security vendor Cyphort.
Visitors to websites such as gadget community Gopego are said to be risking exposure to the virus, which is downloaded onto victims’ computers after they are redirected to a malicious site.
Paul Kimayong, malware researcher at Cyphort, said: "Once it finished encrypting files, the malware visits [a payment site] and demands victims pay $500 (£326) using Bitcoin in order to receive the decryption key that allows them to recover their files.
"It also displays a countdown of 168 hours (7 days) to pay the ransom. If the victim does not obey, the price will increase to $1,000 (£652) after the countdown."
As well as using Bitcoin, a cryptocurrency that protects a user’s identity, the hackers have also been spotted using the Invisible Internet Project (I2P) to talk to their victims without exposing themselves to police.
According to Kimayong, malvertising is "on the rise" and is still the favourite delivery method in drive-by download attacks, which can install malware onto a victim’s machine without any authorisation from the user.
"With every discovery of a zero-day exploit, actors are rapidly taking advantage and updating their kits to deliver malicious binaries more reliably," the researcher added, referring to the abuse of unpatched software bugs.