A new report from Kaspersky Lab found ransomware is now the most prolific cyberthreat of 2016.
Security experts identified 14% more new ransomware malware modifications between January and March this year compared to the same period last year, according to IT Threat Evolution in Q1 2016.
The rapid growth means ransomware has replaced the biggest threat of last year: advanced persistent threat (APT) network attacks.
The report also found that the number of attacked users was up 30% over the last quarter of 2015.
According to Kaspersky Lab researchers, the top ransomware families so far this year are Teslacrypt (58%) and CTB-Locker (24%), which infect users primarily through spam emails.
During the first quarter, several hospitals reported ransomware attacks. In February, Hollywood Presbyterian Medical Center in Los Angeles paid the equivalent of $17,000 in bitcoins to a hacker to regain control of its computer systems.
Aleks Gostev, chief security expert in Kaspersky's global research and analysis team, said ransomware is on the rise is because it works. Cybercriminals make an estimated 1,425% ROI for exploit kit and ransomware schemes, which gives them plenty of motivation to keep innovating.
"Another threatening trend is the ransomware-as-a-service (RaaS) business model where cybercriminals pay a fee for the propagation of malware or promise a percentage of the ransom paid by an infected user," said Gostev.
"The uptick and variance in ransomware in the first quarter of 2016…has been unbelievable," James Trainor, cyber division assistant director for the FBI, said last week. Trainor advised companies that become victims of a ransomware attack not to pay because it only encourages the hackers.