F-Secure researchers have spotted a new Zeus 2.x variant that includes a ransomware feature. The malware aims to provide better support for its offshoot of the Zeus code base, whilst at the same time allowing clients to vote on feature requests and code their own modules for the crimeware platform. Once this particular piece of malware is executed, it first opens Internet Explorer and points it towards a specific URL : lex.creativesandboxs.com/locker/lock.php. The users are blocked from doing anything on their computer.
Source: https://thehackernews.com/2012/05/zeus-2x-variant-includes-ransomware.html