I have stumbled upon a number of articles on extortion viruses recently. This type of virus had been around for at least 10 years, but they receive attention these days as real money is involved:
This one has been cracked because it used a fixed password mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw. But there are methods that use a per-user password as described in Malicious cryptography, part one. The idea is to generate a secret key on the victim machine, encrypt files with it, then encrypt the key with the key that arrived with the virus and transmit the result to the attacker. When the money is paid the attacker will ask the victim to send the encrypted secret key and decrypt it. Once the victim receives the cleartext secret key he/she will use it to decrypt the harddrive.