Basic PoC of hostile HPKP Suicide, as discussed in Bryant Zadegan and Ryan Lester's Black Hat / DEF CON talk "Abusing Bleeding Edge Web Standards for AppSec Glory".
Despite the tongue-in-cheek name, this is not ransomware. It's merely a demonstration of a concept that could hypothetically be implemented within some future ransomware package, uncovered in the course of our security research.
This also is not an exploit that facilitates attaining root access to a box. Doing so would be a prerequisite to using a hypothetical RansomPKP-based ransomware package, and as such would be entirely left as an exercise to the attacker.