
I went to a dangerous website using an unpatched browser and/or risky plugins like Java, Flash, and Adobe Reader, and now something has taken over my computer and encrypted my files. It left me a note saying that I need to get Bitcoins and then download Tor Browser to pay the ransom, or I'll never see my files again!

What's going on? Why is Tor involved?

Roger Dingledine

3 Answers


What's going on?

You got malware that encrypted all your files. To get them back, you have to pay. This type of malware is called ransomware (Wikipedia).

What do you mean by encrypted all my files?!

When you caught the ransomware, it took your files one by one and encrypted them with a key. When all your files were encrypted, it probably created a small text file on your desktop with a name along the lines of README_TO_GET_YOUR_FILES_BACK.txt.

But if it encrypted all my files, the key must be somewhere!

It totally depends on the ransomware, but probably not. Chances are, it used asymmetric cryptography to encrypt your files. Basically, you have one key to encrypt, and another one to decrypt. Even if you found the key used to encrypt your files, it wouldn't help you decrypt them. The attackers have the key you want and did not put it in the ransomware; and they want you to pay to get it.

You can still try to search on Google, copy-pasting their message to see if you can find the name of your malware (TeslaCrypt, CryptoLocker, CryptoWall, etc.). You may get more information, and perhaps a solution to recover your files if it was a weak ransomware. However, do NOT download random Ransomware Removal Tools [1], and remember that it was probably by downloading some fishy files that you caught the ransomware in the first place.

[1] You can trust some websites! For example, Kaspersky provides a free tool to get rid of CoinVault and Bitcryptor.

Why is Tor involved? And Bitcoins?

You can recognize a Tor link with the .onion at the end.

They use Tor because it makes it harder for law enforcement to find them. It has nothing to do with the Tor project per se. The same goes for Bitcoins: they are harder to track than a bank transfer; like in the movies when the kidnappers ask for cash-only-20-unmarked-bills.

Tor and Bitcoin let you improve your privacy/anonymity. Everybody likes more privacy, unfortunately including bad people.

Should I pay? Will they give me my files back?

I would like to say that you should not, but it isn't realistic. This is a decision that you have to make. I would still suggest that you pay only if you have very valuable data [2] that you want to get back. Your game saves or grocery list are probably not worth saving.

Some people say that you are likely to get your files back. Ransomware works because people pay; and people pay because they think they will get their files back. The fact is: you don't know.

It seems that they also have great customer service. Link-1 - Link-2

[2] What you should consider as valuable data is up to you.

What should I do next?

Whether or not you got your files back, you should do a clean install: reformat your whole drive and reinstall the OS. Other malware might have been installed along with the ransomware.

Keep your system and software up-to-date, don't visit suspicious websites and make regular backups of your files! (At least the important ones.)

I want to know more about the relation between Tor and ransomware!

Take a look at Roger Dingledine's answer.

Yuriko
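As an added example (not part of the answer above or of any Tor project code), a small triage script that does what the answer suggests for a ransom note: it pulls out every .onion address and, for the 56-character v3 form, checks the checksum Tor embeds in the address, so a garbled or fake address is flagged instead of being blindly treated as a lead. The note text and the 32-byte key behind SAMPLE_V3 are constructed for the demo.

```python
import base64
import hashlib
import re

# Matches the two label shapes Tor has used: 16-char v2 and 56-char v3.
ONION_RE = re.compile(r"\b([a-z2-7]{16}|[a-z2-7]{56})\.onion\b", re.IGNORECASE)

def make_v3_onion(pubkey: bytes) -> str:
    """Build a v3 address from a 32-byte public key (Tor rend-spec-v3 layout)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"

def validate_v3_onion(addr: str) -> bool:
    """True only if the 2-byte SHA3-256 checksum and version byte inside it agree."""
    label = addr.lower()[: -len(".onion")]
    if len(label) != 56:
        return False
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return version == b"\x03" and checksum == expected

def extract_onion_links(note: str):
    """Pull every .onion address out of a ransom note and annotate it for triage."""
    found = []
    for m in ONION_RE.finditer(note):
        addr = m.group(0).lower()
        version = 3 if len(addr) - len(".onion") == 56 else 2
        found.append({
            "address": addr,
            "version": version,
            # v2 labels carry no checksum, so they can only be syntax-checked.
            "checksum_ok": validate_v3_onion(addr) if version == 3 else None,
        })
    return found

# Constructed sample: a fixed 32-byte "key" stands in for a real service key.
SAMPLE_V3 = make_v3_onion(bytes(range(32)))
# The same address with one character changed, as a note or screenshot might garble it.
TYPO_V3 = ("b" if SAMPLE_V3[0] == "a" else "a") + SAMPLE_V3[1:]
SAMPLE_NOTE = f"""ALL YOUR FILES ARE ENCRYPTED. Install Tor Browser and open
http://{SAMPLE_V3}/pay  (mirror: http://{TYPO_V3}/pay)
Old gateway: http://abcdefghijklmnop.onion  Do not rename your files."""

if __name__ == "__main__":
    for link in extract_onion_links(SAMPLE_NOTE):
        print(link)
```

The checksum only tells you the address is well-formed, not that the service behind it is reachable or who runs it; it is a filter for copying the right string into a report, not attribution.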

I'm sorry to hear that! It sounds like you have been infected with ransomware named "Cryptowall". This is a type of malware that encrypts your files and deletes the originals, and then blackmails you into paying the malware authors for the decryption key. The authors are in Russia or somewhere similar, so they want you to pay them with Bitcoin.

Cryptowall has nothing to do with Tor. We (Tor) are bystanders too, dragged into this mess by the jerks in Russia who infected your computer. We're as upset as you are. And we're especially sad that this might be your first introduction to Tor, which is used by millions of people around the world, including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, bloggers and activists whose Internet connections are censored or surveilled, and even governments and law enforcement.

Ransomware is a huge and growing concern on the Internet. Apparently the Cryptowall people have collected more than $18M USD as of mid 2015 (!), so you are far from alone. Sadly, even organizations like hospitals have been affected.

The best answer, but alas it's probably too late for you now, is to avoid running insecure software. Be sure to stay up-to-date on all your software updates and patches, and also avoid running things like Flash that always seem to have security problems. The second best answer, and maybe this one isn't too late for you, is to do frequent backups. Maybe you can just go to one of your backups and restore your files?

Ok, so why is Tor Browser involved here at all? The simple answer as far as we can tell is that the jerks who wrote Cryptowall decided Tor is cool, so they wanted to include it somehow. They set up a ransom website to receive your bitcoins, and they gave it a Tor onion address rather than a more normal web address. Tor onion services can provide stronger security to users who want to be sure they're reaching the right service (that's why Facebook runs one), and they can also provide stronger security to the service side too, for example by making it hard to learn where the website is located. But in this case, the Cryptowall people aren't relying just on the onion service security. Since they're in Russia or the like, the authorities won't do anything even if they do learn their names or location. :(

There are hundreds of variants of ransomware in the world, and most just host their websites in Malaysia or some other country that doesn't care to answer legal demands. That is, Cryptowall doesn't rely on Tor to accomplish its goals. You probably think (quite reasonably) that they are terrible people for ruining your day. We think that they are terrible people for dragging Tor into this, and for giving privacy a bad reputation.

In closing, I'm afraid we don't have any good answers to questions like "should I pay them" or "if I pay them, how do I know I'll get my files". It's a crummy situation all around -- especially because your US dollars and Euros go a long way in Russia, which keeps the cybercrime engine going. This is another illustration of the "bad people on the Internet are doing great, and good people don't have enough tools to help them" situation that we'd like to fix.

[Can somebody point to a great tutorial on how to clean up after Cryptowall, how to lock down your system afterwards, etc? All the ones I found were thinly veiled advertisements by antivirus companies, and their motivations mean they always recommend their own product. We should edit the end of this answer to point to those great tutorials.]

Roger Dingledine

Does it tell you to go to a site ending with .onion or .exit? Probably they will give you a bitcoin address or let you download a key when you go to their site. They use a Tor hidden service so that they will not be traced so easily.

v7d8dpo4