Ransomware attacks on businesses grew threefold this year to reach one every 40 seconds by October, according to new data from Kaspersky Lab.
The Russian AV firm claimed that attacks came once every two minutes at the start of the year.
For individuals it was even worse, with Kaspersky Lab calculating one attack every 10 seconds by Q3, up from once every 20 seconds at the beginning of the year.
Some 20% of organizations worldwide suffered an IT incident as the result of a ransomware infection this year, and the same percentage of small businesses never got their files back even after paying up.
That chimes with separate research from Trend Micro from earlier this year which claimed that one in five UK firms it polled were left without a decryption key after they paid the ransom.
While Kaspersky Lab was at pains to point out there’s no such thing as a low-risk sector, education was worst hit, accounting for 23% of all attacks, while retail and leisure (16%) was least affected.
So far the vendor has discovered 62 new ransomware families.
The continued rise in ransomware is attributed in part to the success of the ransomware-as-a-service model, which has democratized the means of launching such attacks to a broad sweep of cyber-criminals.
“The classic ‘affiliate’ business model appears to be working as effectively for ransomware as it does for other types of malware. Victims often pay up so money keeps flowing through the system,” said Fedor Sinitsyn, senior malware analyst, Kaspersky Lab.
“Inevitably this has led to us seeing new cryptors appear almost daily.”
Trend Micro claimed in a report this week that new ransomware families discovered soared 400% between January and September, but growth next year will drop to 25%, it added.
However, we’re likely to see such malware increasingly bundled in with data breaches as cyber-criminals look to maximize their profits.