The number of users hit by ransomware increased by 30% in the first three months of the year, according to new data from Kaspersky Lab.
The Russian AV firm said its security prevented more than 370,000 attacks on users in Q1 2016, 17% of which were aimed at the corporate sector.
In total, it detected 2900 new malware ‘modifications’ in the period, an increase of 14% on the previous quarter.
The infamous Locky ransomware was detected in 114 countries, however, it was Teslacrypt (58%), CTB-Locker (24%) and Cryptowall (3%) that took the top three spots.
Kaspersky Lab chief security expert, Aleks Gostev, claimed one of the main reasons ransomware has become so popular is the simplicity of its business model.
“Once the ransomware gets into the users’ system there is almost no chance of getting rid of it without losing personal data. Also, the demand to pay the ransom in bitcoins makes the payment process anonymous and almost untraceable which is very attractive to fraudsters,” he added.
“Another threatening trend is the Ransomware-as-a-Service (RaaS) business model where cyber-criminals pay a fee for the propagation of malware or promise a percentage of the ransom paid by an infected user.”
Although mainly spread via spam e-mails, there are an increasing number of cases where the malware has infected users via drive-by downloads and the like.
Just last month, researchers spotted the CryptXXX variant infecting users via a legitimate website – that of American toy manufacturer Maisto.
Eldon Sprickerhoff, chief security strategist at eSentire, advised users to ensure systems and applications are always up-to-date with the latest patches in order to minimize risk.
“In the case of Maisto, users visiting the site with an outdated computer were vulnerable to infection,” he added. “It was not Maisto's intention to host malware, but due to weaknesses within their website, they were made the vector of the attack. These kinds of ransomware threats will become more prevalent.”