Fortinet: Scammers shifting to ransomware

"Riding off the coat tails of a hot February, ransomware threats dominated our Top 10 malware list this report," said Fortinet in a recap of the month's activity. "Every single detection in our list, with the exception of HTML/Iframe.DN, resulted in either scareware or ransomware infesting the victim's PC."

Of particular note was a ransomware threat known as "Total Security", which was spread by the Cutwail botnet during February. Another, called W32/DigiPog.EP, emerged as a new threat this month. This strain locks the user out of the system and kills popular applications such as Internet Explorer and Firefox until an appropriate code is entered into a field presented by the software. Victims obtain the code by sending an SMS message to a provided number.

"While SMS-based ransomware threats aren't particularly new, it is the first time one has landed in our Top 10 list, and provides further proof that the rise of ransomware is well on its way," Fortinet said.

Bredolab and Pushdo were the two most prevalent botnets used to distribute ransomware threats, according to the Fortinet report. They are spearheading a gradual move away from scareware in favor of ransomware as criminal business models become increasingly sophisticated. However, they are competing for market share with another botnet called Sasfis, which rose eight places in the company's attack list from last period.

Predictably, over a six-month period, total malware volume (rather than unique variants) peaked sharply in the run-up to the Christmas holiday, before falling off in January and reaching a low point in February. March saw a gradual rise, the Fortinet report found.
