August was the biggest comeback month since March for TotalSecurity, which locks out applications and data, and then demands a ransom to restore access.
The resurgence is attributed to the fact that the malware has been made polymorphic, which means the code changes hourly to avoid detection.
This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity, said Derek Manky, project manager, cyber security and threat research at Fortinet.
"This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection," he said.
This story was first published by Computer Weekly