Ransomware attacks doubled in volume in the second half of 2016, with the Locky variant accounting for two-fifths of the attacks.
That's according to research by Check Point Software, which reveals that Cryptowall was the second most prolific form of ransomware, with the Cerber ransomware-as-a-service scheme close behind.
Together these three types of ransomware were responsible for 90 per cent of ransomware outbreaks in the second-half of the year, despite a proliferation of new ransomware strains as cyber criminals look to cash-in.
The UK has been a particular target for ransomware gangs, partly fuelled by organisations' willingness to pay-up.
However, the most prolific malware, according to the security software company's Global Threat Intelligence Trends report, was the Conficker worm which, despite its age - it was first detected in November 2008 - continues to plague Windows PCs and servers from Windows 2000 onwards.
The Conficker worm enables remote operations to be performed on infected PCs, as well as enabling malware downloads. The infected machine becomes part of a botnet, and contacts its command and control server to receive instructions, warns Check Point.
The report also warned about the proliferation of banking malware, with another well-established malware family, Zeus, which has been around since early 2009, accounting for one-third of all banking malware infections.
Zeus targets Windows platforms and uses a keystroke logger to steal banking credentials and browser form-data.
"Our data demonstrates that a small number of families are responsible for the majority of attacks, while thousands of other malware families are rarely seen," said Maya Horowitz, threat intelligence group manager at Check Point Software.
Ransomware attacks, she added, were proliferating fast "simply because they work and generate significant revenues for attackers".
She continued: "Organisations are struggling to effectively counteract the threat: many don't have the right defences in place, and may not have educated their staff on how to recognise the signs of a potential ransomware attack in incoming emails."
Just last week, Russian security software company Kaspersky admitted that three-quarters of the crypto-ransomware families - ransomware that encrypts people's data and demands a payment in return for the decryption key - were the work of Russian-speaking cyber-criminals.
AlphaBay users had flocked to Hansa after it was closed down - not realising it had already been taken over by Dutch police
Microsoft closes in on $100bn annual revenues with sales weighing-in at $23.3bn
Moves to take down cyber-squatted domains reveals Fancy Bear hacking network, claims Microsoft
Intel claims 'world first' in artificial intelligence that can be plugged-in almost anywhere