A destructive scam email that infects computers and holds them hostage has successfully targeted at least 10,000 Australians since it was detected this week, a cybersecurity analyst says.

The email, purporting to be from energy company AGL, sends a fake bill and prompts the recipient to click on a link to download a copy.

The fake AGL webpage that prompts users to download malware.

It then saves a .zip file on the computer which, when extracted, locks the machine down using malware known as "ransomware". The recipient is prompted to pay $US640 ($A880) to unlock it.

Raymond Schippers​, a senior analyst at global cybersecurity firm Check Point, said once the file has downloaded ransomware such as Torrentlocker or Cryptolocker – sometimes spelled with 0 in place of o – the only way to get rid of it is to restore from a backup or to wipe the computer and start over again.