Editor's note: This blog originally ran on Chubb's Risk Conversation.

CryptoLocker? It sounds like something out of a sci-fi film.

We've all heard about corporate executives who have been kidnapped and held for ransom. But did you know that your computer files can be "kidnapped" and held for ransom too?

The new and particularly devious threat, called CryptoLocker, takes the age-old concept of kidnapping into the cyber world. CryptoLocker essentially holds your computer hostage, encrypting your files and rendering them unusable until you pay a ransom. The "ransomware" typically arrives through an email attachment, often a fake FedEx or UPS tracking notice.

Once it encrypts the files, CryptoLocker demands payment via Bitcoin or MoneyPak and installs a countdown clock that ticks backwards from 72 hours. Those who let the timer expire before paying risk losing access to their files forever.

Dell SecureWorks estimates that up to 250,000 systems were infected globally in the first 100 days of the threat, first detected in September 2013. Countries with the top infection rates were the United States, Great Britain, Australia and France. The average ransom is about $300.

Many businesses and organizations are unprepared for this threat.

The Swansea Police Department in Massachusetts, for instance, paid a two-Bitcoin ransom, worth about $750, to decrypt images and Word documents after its systems became infected with CryptoLocker in November 2013.

In North Carolina, a law firm lost access to thousands of legal documents in February when it became a CryptoLocker target. The malware came in an email attachment that looked like it was from the firm's phone system, which sends voice mail messages as attachments. The firm attempted to pay the $300 ransom, but it was too late.

While small businesses have been the primary targets so far, the criminals behind the scam could become more ambitious and begin targeting larger businesses and raising their ransom demands as well. Businesses large and small need to be aware of the CryptoLocker threat and take steps to protect themselves.

Before an incident occurs, reach out to computer consultants to learn how to strengthen your computer defenses. Find out what other layers of security protection you need, whether it's an enhanced firewall, better passwords or better staff training about the dangers of email attachments.

Businesses also should be prepared to act quickly in case they do become CryptoLocker targets. Establish a relationship with consultants ahead of time and know who to call in case of an attack when time is of the essence.
