More evidence about the rapid spread of ransomware comes from the latest quarterly IT threat survey from Kaspersky Lab, which said this week that the number of Internet users that encountered ransomware more than doubled in the third quarter of this year compared to Q2.

It’s the third quarterly increase in a row, a testament to how much criminals like ransomware for pulling in money, as well as to how far behind security awareness training is among users.

The company said more than 821,860 were hit by the malware among those in the Kaspersky Security Network, which includes customers of its own and other antivirus service providers. The numbers come from customers that agreed to provide them.

“Crypto ransomware continues to be one of the most dangerous threats, both to private users and to businesses,” Fedor Sinitsyn, ransomware expert at Kaspersky Lab. said in a statement. “The recent jump in the number of attacked users may have been provoked by the fact that the number of modifications of ransomware we detected in Q3 – more than 32,000 modifications – was 3.5 times more than in Q2. This may be due to the fact that security companies nowadays invest a lot of resources into being able to detect new samples of ransomware as fast as possible. Criminals must therefore avoid detection by creating more new modifications of their malware.”

The main driver of growth in the number of attacked users was Trojan-Downloader.JS.Cryptoload,” Kaspersky said. It’s a family of downloaders written in JavaScript and capable of downloading different families of crypto ransomware. The most widespread of these in Q3 included CTB-Locker (28.34 per cent of attacked users), Locky (9.6 per cent) and CryptXXX (8.95 per cent).

The other key findings of the ‘IT Threat Evolution in Q3 Report’ include:

  • 45 million malicious URLs were detected in the quarter, which hosted malicious objects like scripts, exploits, executable files etc.
  • The number of users attacked with banking malware grew by 5.8 per cent and reached 1,198,264.
  • Browsers and Android OS remain the most frequently attacked software when it comes to exploits. Forty-five per cent of exploits detected by Kaspersky Lab were aimed at browsers, and 19 per cent of these malicious programs were built to exploit weaknesses in the popular Android mobile operating system.

During the quarter the Pokemon GO game was released. If that didn’t give CSOs nightmares when hackers added malicious code to the original app which spread through third-party stores, criminals found another vehicle: Publishing an infected guide for the game in the official Google Play store. The app was an advertising Trojan capable of gaining root access to a device by exploiting vulnerabilities in the system.