Reply to post: You think it's bad now..

Hitler ‘ransomware’ offers to sell you back access to your files – but just deletes them

Anonymous Coward

You think it's bad now..

The latest variant of C-L (5.0) attacks the common BIOSes, network cards and even writes nasty code to the EDID chips on the LCD and external panel so you can't connect it to another setup without triggering the 4* BTC ransom demand.

Essentially every part is locked to the machine; however, just changing the hard drive and resetting the BIOS to default (cough crisis disk /cough) can get rid of it at the cost of not being able to see the LCD or network adaptor until the defective chips are rewritten.

I'm pretty sure that this one was written with full knowledge of the specific machines (i.e. manufacturers handed over secret documents), which is even worse.

It seems that the attack vector is to directly infect the vulnerable network adaptor and then download parts of itself into any writeable chip's slack space so it can reconstruct itself when damaged. The code also searches for a more recent BIOS update and edits it to add the malicious code, changes the checksum and rewrites on the next boot to get around protected mode.
