FireEye researchers detected a nearly sixfold increase in ransomware activity in between February 2016 and March 2016.
While the highest spike occurred between those two months, researchers detected a 72 percent spike in activity between March 2016 and October 2015, according to a Wednesday blog post.
The success of the Locky and TeslaCrypt campaigns generally contributed to the spike, FireEye Manager of Threat Intelligence John Miller told SCMagazine.com via emailed comments.
While Miller had no definitive evidence that media coverage played a direct role in the increase, he said it is possible that attacks being in the news had some impact.
Increased media coverage of the malware incidents accompanied by the number of successful attacks that resulted in victims paying cyber crooks to unlock their files likely inspired more attacks, researchers wrote.
“There is no denying the satisfaction an attacker feels when their exploits make the news,” they said. The Petya ransomware authors went as far as to include links to recent articles covering the malware on its ransom payment page.
Other factors which could be contributing to the spike include the relatively high profit margins that ransomware attacks yield, the success of prolific ransomware families such as CryptoWall, and the emergence of new ransomware variants adopting ransomware as a services (RaaS) frameworks, according to the post.
The increase in both ransomware families and distribution tactics seems to suggest the successful monetization of such attacks has increased, Miller said.
He said the ransomware business is so lucrative, cybercriminal organizations will likely continue to invest in delivery mechanisms that are “polymorphic” and “evasive” to maximize their infection opportunities.