Ransomware has replaced advanced persistent threat (APT) network attacks as the most problematic cyberthreat -- and early indications suggest that they'll be the main problem for 2016 as a whole, cybersecurity researchers from Kaspersky Lab have warned.
The findings are outlined in Kaspersky Lab's IT Threat Evolution in Q1 2016 report, which details how security experts detected 2,900 new ransomware malware modifications appearing between January and March this year -- a rise of 14 percent.
Not only is malware increasingly altering itself -- thus making ransomware attacks more difficult to defend against -- but also the number of attacks are rising, with the number of attacked users up by 30 percent compared with the previous quarter.
According to detections by Kaspersky Lab researchers, the top three ransomware families during the first quarter of the year were: Teslacrypt (58.4 percent), CTB-Locker (23.5 percent), and Cryptowall (3.4 percent). All three of these mainly infected users through spam emails with malicious attachments or links to infected web pages.
According to Aleks Gostev, chief security expert in Kaspersky'sglobal research and analysis team, one of the reasons ransomware is on the rise is because it works: people will pay a ransom rather than lose access to their personal data.
"Once the ransomware gets into the users' system, there is almost no chance of getting rid of it without losing personal data," Gostev said. "The demand to pay the ransom in bitcoins makes the payment process anonymous and almost untraceable which is very attractive to fraudsters."
Gostev also pointed to the rise of malware-as-a-service as a significant factor in the rise of ransomware attacks -- because it allows almost anyone to infect a system and demand payment.
"Another threatening trend is the ransomware-as-a-service (RaaS) business model where cybercriminals pay a fee for the propagation of malware or promise a percentage of the ransom paid by an infected user," he said.
Kaspersky also suggests that another key factor in ransomware becoming so successful is that users aren't aware they can beat the infection without handing over a ransom.
"Businesses and individuals are not aware of the technology countermeasures that could help to prevent infection and the locking of files or systems," researchers said.