OphionLocker, a strain of ransomware that uses elliptic curve cryptography for file encryption, is being spread using a malicious advertising (malvertising) campaign featuring the RIG exploit kit.

This new strain of malware encrypts files of particular types on infected systems before using Tor2web URL as a conduit for instructions on how to send the payment and obtain the decryptor tool. The ransom amount is paid in Bitcoins to the tune of 1 BTC ($352 at current rates of exchange).

The security company, F-Secure, says that if the infection happens on a virtual environment NO ransom payment is requested for a "decryptor tool", which (perhaps unsurprisingly) doesn't work.

The use of Tor and elliptic curve cryptography places OphionLocker in the top tier of such scams.