Ransomware is now the most common type of malware, with its proportion of attacks having doubled since 2017, according to Verizon's latest Data Breach Investigations Report.
The report noted that ransomware was found in 39% of malware-related cases analyzed for the report - over 700 incidents.
Ransomware moved up from fourth place in the ranks of the most prevalent varieties of malicious software during the 2017 report to first this year.
Analysis from the telecoms company also found that ransomware attacksa re now moving into business critical systems such as file servers or databases, inflicting more damage and commanding bigger ransom requests.
The report meanwhile found that HR departments across multiple verticals are now being targeted in social engineering attacks such as financial pretexting and phishing. Attackers are seeking to extract employee wage and tax data so they can commit tax fraud and divert tax rebates.
The report found that financial pretexting and phishing represent 98% of social incidents and 93 percent of all breaches investigated, and email remained the main entry point in 96% of cases.
Meanwhile, on average 4% of people fall victim to any given phishing campaign, and a cybercriminal needs only one victim to gain access to an organization.
Ransomware remains a significant threat for companies of all sizes. It is now the most prevalent form of malware, and its use has increased significantly over recent years,” Verizon executive director for security professional services Bryan Sartin said.
“What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here.”