Ransomware booms with Locky, Cryptowall and Cerber accounting for 90 per cent of infections

Perennial 'favourites' remain most dangerous forms of malware, warns Check Point

Ransomware attacks doubled in the second half of 2016, with Locky accounting for two-fifths of the attacks. Cryptowall was the second most prolific ransomware, with the Cerber ransomware-as-a-service scheme close behind.

Together these three types of ransomware were responsible for 90 per cent of the ransomware outbreaks in the second-half of the year, according to research by Check Point Software. The dominance of just three ransomware types comes despite a proliferation of new ransomware strains as cyber criminals look to cash-in.

The UK has been a particular target for ransomware gangs, partly fuelled by organisations' willingness to pay-up.

The most prolific overal malware, according to the security software company's Global Threat Intelligence Trends report, was the Conficker worm which, despite its age - it was first detected in November 2008 - continues to plague Windows PCs and servers from Windows 2000 onwards.

The Conficker worm enables remote operations to be performed on infected PCs, as well as enabling malware downloads. The infected machine becomes part of a botnet, and contacts its command and control server to receive instructions, warns Check Point.

The report also warned about the proliferation of banking malware, with another well-established malware family, Zeus, which has been around since early 2009, accounting for one-third of all banking malware infections.

Zeus targets Windows platforms and uses a keystroke logger to steal banking credentials and browser form-data.

"Our data demonstrates that a small number of families are responsible for the majority of attacks, while thousands of other malware families are rarely seen," said Maya Horowitz, threat intelligence group manager at Check Point Software.

Ransomware attacks, she added, were proliferating fast "simply because they work and generate significant revenues for attackers".

She continued: "Organisations are struggling to effectively counteract the threat: many don't have the right defences in place, and may not have educated their staff on how to recognise the signs of a potential ransomware attack in incoming emails."

Just last week, Russian security software company Kaspersky admitted that three-quarters of the crypto-ransomware families - ransomware that encrypts people's data and demands a payment in return for the decryption key - were the work of Russian-speaking cyber-criminals.