The ransomware epidemic is set to get even worse in 2018, anti-virus software maker Sophos has warned.
In a report examining data from investigations with clients between April and October 2017, which encompassed both the WannaCry and NotPetya outbreaks, the company warned that cyber crooks are becoming more sophisticated - but end users, unfortunately, aren't.
Throughout 2017 attackers have been able to hone their ransomware delivery technique, while getting faster and better at exploiting zero-day security flaws.
While most ransomware hits Windows users, the report found that other platforms aren't immune. Attackers have also been targeting mobile devices, particularly Android.
Ransomware, the company says, will be a particularly "vexing problem" for businesses, as reflected by the impact of the WannaCry malware in May this year, which supplanted Cerber as the most widely distributed ransomware varient.
WannaCry made up 45.3 per cent of ransomware tracked by Sophas, with Cerber accounting for 44.2 per cent. Dorka Palotay, a researcher at the company, warned that cyber criminals will launch even more complex ransomware attacks in the future.
"For the first time, we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry," he said.
"This ransomware took advantage of an old Windows vulnerability to infect and spread to computers, making it hard to control," he added.
"Even though WannaCry has tapered off and Sophos has defenses for it, we still see the threat because of its inherent nature to keep scanning and attacking computers.
"We're expecting cybercriminals to build upon WannaCry and NotPetya and their ability to replicate, and this is already evident with Bad Rabbit ransomware, which shows many similarities to NotPetya."
The report also explored the rise and fall of NotPetya, which made headlines in June 2017. Sophos said that this attack did not spread as far as WannaCry, but added that it suspects that cyber criminals were merely "experimenting".
"NotPetya spiked fast and furiously before taking a nose dive, but did ultimately hurt businesses. This is because NotPetya permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started," said Palotay.
"We suspect the cybercriminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper."
Sophos - like most security organisations - advise against paying the ransom. Indeed, in many cases, while users pay-up the scammers don't provide the promised decryption key.
Android ransomware is also on the rise, according to the research. The report revealed that the number of attacks on users using Google's mobile platform grew month-on-month during 2017.
The organisation said that by the end of the year, its systems will have identified an estimated 10 million suspicious Android apps, compared to 8.5 million processed during the whole of 2016.
Rowland Yu, a SophosLabs security researcher focusing on mobile malware, said: "In September alone, 30.37 per cent of malicious Android malware processed by SophosLabs was ransomware.
"One reason we believe ransomware on Android is taking off is because it's an easy way for cybercriminals to make money instead of stealing contacts and SMS, popping ups ads or even bank phishing which requires sophisticated hacking techniques.
"It's important to note that Android ransomware is mainly discovered in non-Google Play markets - another reason for users to be very cautious about where and what kinds of apps they download."
Some parts of Atacama have not received rainfall for 500 years - but a sudden deluge of water upset the Desert's delicate biological balance
Spitzer Space Telescope could not spot Oumuamua, suggesting that it is actually pretty small
Greenland crater one of the 25 largest impact craters on Earth
This long-sought progenitor star was identified in an image captured by Hubble in 2007