According to a new report from PhishMe, 93% of all phishing emails contained encryption ransomware as of the end of March.
That number grew from just 56% in December. In every other month of 2015, less than 10% of phishing emails contained malware.
The number of phishing emails overall hit 6.3 million in the first quarter of this year, a 789% increase over the last quarter of 2015, according to the report.
Ransomware’s booming popularity can be attributed to the fact that it’s now so easy to deploy and its ROI is significant: Cybercriminals make an estimated 1,425% ROI for exploit kit and ransomware schemes, according to the 2015 Trustwave Global Security Report.
While other types of cyberattacks are more complex and time-intensive, ransomware is often easy money. And if cybercriminals ask for relatively small amounts of money, many small to medium businesses would prefer to pay and get their data back more quickly than attempt to recover their data in other, more complex ways.
"If you look at the price point of paying the ransom, it is rarely more than 1 or 2 Bitcoin, that's $400 to $800, maybe $1,000 depending on the exchange rate," said Brendan Griffin, Threat Intelligence Manager at PhishMe, according to a CSO report. "That's a relatively low price point for a small to medium business."
Two types of ransomware in particular—Locky and TeslaCrypt—have seen the most growth over the last six months, the report found.
Phishing attacks are also getting more sophisticated. Last month, the Anti-Phishing Working Group said cybercriminals are increasingly hiding behind compromised websites to carry out their attacks. The group said the number of distinct website links in phishing attacks jumped by more than 150% between October 2015 and March 2016.