Took a lot of work, but eventually I was able to get the same pop-up. I had to do some pretty specific searching though (actually followed Sophos to the letter).
As expected, Firefox warned before downloading the file. But what was really surprising was that the "Cancel" button in the js window that popped up actually functioned! Usually they don't give you that option - at least in the Windows variants I've seen.
The sad thing is, it looks polished enough to fool the average (paranoid) user. And how, as a tech, can you really train those users to be suspicious of these things? I mean, there's really no tell-tale sign that one of these is fake. If they're running a legit AV product, it could potentially pop up and say there malware present on the system. So, how does one distinguish between what is real and what is fake? I mean, I have a highly-tuned BS-o-meter, but the average person isn't going to know the difference.
Still, I'm not so sure I would recommend an AV product, even with the existence of this kind of extortionware (now on the Mac). I highly doubt any of the packages would have prevented a zero-day infection. I'm sure they could have removed it easily enough, but it's not like they provide even an ounce of prevention.