Tens of millions of UK internet users could be at risk from "ransom" email spam seemingly sent from financial institutions.
The email has an attachment that looks legitimate but is malware that encrypts computer files.
If the attachment is opened, a displayed countdown timer demands a ransom to decrypt the files.
Small to medium businesses seem to be the target and the National Crime Agency says there is significant risk.
Lee Miles, deputy head of the National Cyber Crime Unit, says: "The NCA are actively pursuing organised crime groups committing this type of crime. We are working in co-operation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public."
The malware installs a piece of "ransomware" called Cryptolocker on computers running the Windows operating system. The ransom demands that the user pay two Bitcoins, a virtual currency, that would be worth £536 to release the decryption key.
Reports suggest that people who have paid the ransom have not had their files decrypted and it has been impossible to restore encrypted files.
No guarantee
The NCA said it would never endorse the payment of a ransom to criminals and warns that there is no guarantee that the people behind the demand would honour the payments.
An NCCU investigation is seeking to identify the source of the email addresses used.
Computer users are being warned not to click on any suspicious attachments, to have updated antivirus software and to regularly back up files. If a computer is infected the advice is to disconnect it from the network and seek professional help to clean the device.
