Ransomware attacks, which occur when cybercriminals block access to a victim's critical data and demand payment to release it, are rapidly increasing in numbers, maturity and severity, security experts have found. The average ransom demand has more than doubled from $294 (£223) at the end of 2015 to $679 (£514), new research from security firm Symantec shows.
According to Symantec's special report Ransomware and Businesses 2016, ransomware attacks have reached a "new level of maturity and menace" over the past 12 months as online criminals use newer, more sophisticated methods to target both individuals and large organisations.
"Ransomware has quickly emerged as one of the most dangerous cyberthreats facing both organisations and consumers, with global losses now likely running to hundreds of millions of dollars," the report reads.
"The perfection of the ransomware business model has created a gold-rush mentality among attackers, as growing numbers seek to cash in."
Although ransomware infection numbers did drop in the first quarter of 2015, the overall infection rate rose steadily through the rest of the year with an average of 23,000 to 35,000 infections occurring every month, the report found.
The arrival of the Locky ransomware in March 2016 saw infection numbers spiking up to 56,000.
Last year was also a record one for attacks with a total of 100 new ransomware families discovered, most of which are now the "most dangerous form of the threat" – crypto-ransomware. These attacks occur when a malicious individual or group encrypts a user's data and demands that they pay a ransom in exchange for a decryption key.
According to an earlier Kaspersky Lab report, crypto-ransomware attacks have already reached epidemic status with the number of users hit more than quintupling in the past year.
In late 2015 and early 2016, TeslaCrypt was found to be one of the most widespread ransomware variants. The most widely circulated crypto-ransomware threats were Cerber, CryptXXX and Locky, the report said.
Although ransomware attackers continue to target individuals, accounting for 57% of all global infections between January 2015 and April 2016, the report notes that ransomware gangs are increasingly focusing their attacks on businesses and organisations, particularly in sectors that are more likely to pay up.
While the services sector accounted for 38% of all ransomware infections, the manufacturing industry came second with 17%, followed by public administration (10%), and finance, insurance and real estate (10%).
"Although more complex and time-consuming to perform, a successful targeted attack on an organisation can potentially infect thousands of computers, causing massive operational damage and serious damage to revenues and reputation," the report reads. "Once cybercrime gangs see some businesses succumb to these attacks and pay the ransom, more attackers will follow suit in a bid to grab their share of the potential profits."
Between January 2015 and April 2016, the US fell victim to the most ransomware attacks, accounting for 31% of global infections, followed by Italy, Japan, the Netherlands, Germany and the UK.
This year has already seen a series of major ransomware attacks on hospitals and universities, including Hollywood Presbyterian Medical Center, MedStar Health and the University of Calgary among others.