What you describe, sounds similar to what can be done with the GRUB2 boot loader.
http://askubuntu.com/questions/370693/how-to-add-the-grub-password-protection-to-the-os-load-process-instead-of-when-e
Remember, grub lives inside the MBR. So if I boot off alternative media, move the disk to another system, etc, I can simply comment out the passwd line, chroot, and run grub2-mkconfig to overwrite the MBR with a grub that doesn't require a password.
The alternative for the ransomware guys would be to do something to the disk to restrict access at a firmware level, but if they do that then as soon as I reboot I can't get far enough to see their ransom demands anymore.
So they can lock things down so tight that pretty much no one can get in without paying, but if the victim reboots they will no longer be able to pay (and the victim loses their drive). Or they can lock things down so that most users can't fix it and hope that some/many/most of them pay, but then they have to leave an out which allows some to get away completely. My point (ok, guess) was that they would probably overwhelmingly choose the latter.