Technology firm Cisco has uncovered a major hacking operation worth an estimated $30m (£19.6m) a year.
The company said criminals had used the notorious Angler Exploit malware tool to target tens of thousands of users every day.
The attacks were focused on customers of hosting provider Limestone Networks.
Cisco has issued a patch and published guidance on how users' can protect themselves but analysts doubt this will put an end to Angler attacks.
"We shouldn't fool ourselves into thinking Cisco's action will serve a killer blow to the Angler Exploit Kit, but it will have bloodied its nose and disrupted the criminals' activities," security expert Graham Cluley told the BBC.
'Advanced and concerning'
Cisco's security team discovered the fraud during a wide-reaching investigation into Angler - one of "the most advanced and concerning hacking tools on the market", according to the firm.
The malware takes advantage of vulnerabilities in Flash, Java and other browser plug-ins to break into systems.
It can then take computers hostage, demanding a ransom be paid by their owners in order to regain access to the device.
Cisco estimates that almost half of the Angler attacks it analysed happened on servers connecting to the US-based hosting provider.
It said fraudsters were targeting an estimated 90,000 people a day and generating more than $30m annually from the attacks.
'A running battle'
Ken Munro, a security expert at Pen Test Partners, said Cisco's investigation was "another great example of cutting off malware at the knees".
He added: "By analysing the data around Angler and finding critical compromised servers on the internet that the exploit needs to communicate with, it can be rendered powerless."
But he said it would not take long for malware authors to "rewrite their tools to work around this".
He said: "It's a running battle that will continue in a slightly modified format."
Cisco estimates the total revenue generated by Angler attacks worldwide could exceed $60m annually.