Detectives are looking into a barrage of spam sent to millions of British banking customers intended to freeze their computers and demand a ransom, Britain's National Crime Agency says.
Its National Cyber Crime Unit had become "aware of a mass email spamming event which is ongoing, where people are receiving emails that appear to be from banks and other financial institutions."
The agency said it considered the attack a "significant risk."
It added that while the spam emails may be sent out to "tens of millions of UK customers," they appear to be targeted mainly at small and medium-sized businesses.
The spam carries an attachment that appears to be correspondence related to the text of the email.
In reality the agency said the attachment injects a malicious program - malware - into the computer, which opens it as well as the local network to which the machine is connected.
Once triggered, a program called "Cryptolocker" that the crime agency described as "ransom ware," proceeds to encrypt the files on the user's machine and the local network.
Once encrypted, the computer displays a message demanding the payment of 2 Bitcoins - an electronic currency currently worth £536 - in return for the key to unlock the encryption.
The UK crime agency said it advised users not to pay the ransom and warned that even if it were paid, there was no guarantee the encryption key would be turned over.
The spam attack was reported just as UK financial institutions were conducting a large-scale cyber-security exercise, code-named "Walking Shark 2."
The exercise was being co-ordinated by the British Treasury and the Bank of England.