A recent data breach investigations study revealed that ransomware was the most prevalent variety of malware in 2017.

According to Verizon’s “2018 Data Breach Investigations Report (DBIR),” security professionals spotted cryptolockers in 39 percent of security incidents that involved malware as an attack variety. This attack type was more prevalent than spyware, banking Trojans and other forms of malicious software over the course of the year.

Ransomware in Review

For the report, Verizon analyzed over 53,000 security incidents, including 2,216 data breaches, submitted from contributors in more than five dozen countries. The goal of the study was to identify trends in those events and inform organizations about the threats they’re up against as they plan their defense strategies.

The researchers ranked ransomware as the fifth-most prevalent action variety with 787 incidents, and noted that malware was utilized as a tactic in 30 percent of security events.

Gabe Bassett, senior information security data scientist at Verizon and co-author of the report, said he tracked ransomware’s growth since it first appeared in the 2013 edition of the DBIR. During that span of time, he witnessed ransomware activity double year over year on at least two separate occasions.

“The reason we’re seeing this incredible prevalence is ransomware is a great value proposition for the attacker,” Bassett told TechRepublic. “They don’t have to do a lot of the complex work. They just drop a piece of malware and then let it run.”

Ransomware activity also grew because of its flexibility, allowing cybercriminals to launch campaigns against targets that are more lucrative than users’ personal devices. In fact, Verizon noted a rise in ransomware operations targeting enterprises’ file systems and databases.

An Industry Perspective

Ransomware was more prevalent in some industries than others. Healthcare came in at the top, with cryptolockers accounting for 85 percent of all malware varieties over the course of the year. The May 2017 outbreak of WannaCry, which claimed 34 percent of the U.K.’s National Health Service (NHS) hospital trusts as victims, according to the U.K. Department of Health and Social Care, likely helped drive up this figure.

But Bassett and his fellow researchers revealed that number might misrepresent the realities of data protection in the healthcare sector. The Verizon report noted that medical organizations are bound by federal regulations to report ransomware attacks as data breaches and not instances of data risk. Therefore, it’s impossible to know whether hospitals and other healthcare centers are more susceptible to ransomware than organizations in other industries or if higher reporting standards are to blame.

The report’s authors advised organizations to take certain steps to protect themselves against data breaches, including implementing two-factor authentication (2FA), patching software vulnerabilities and conducting ongoing security awareness training with employees.