Mobile ransomware attacks targeting Android users have grown four times compared to the same period of last year, and most of these attacks can be attributed to only four strains of Android ransomware.
According to a recent Kaspersky Lab study, Android ransomware has hit 136,532 users in the 2015-2016 period, increasing from 35,413 users recorded in the 2014-2015 period.
Most of the affected users were located in the United States, followed by Germany, Canada, and the United Kingdon.
Four Android ransomware variants accounted for 90% of all infections
Comparing Android ransomware infections to the rest of Android malware infections, the proportion of ransomware attacks grew from 2.04 percent in 2014-2015 to 4.63 percent in 2015-2016.
When Kaspersky started monitoring these infections in April 2014, the company was detecting just a few users per month, sometimes even zero. In March 2016, the company reported seeing over 30,000 Android ransomware infections each month.
Nine out of ten of these infections occurred because users got infected with one of four malware strains: Small, Fusob, Pletor and Svpeng.
PC ransomware is even more active
For desktop users, the situation is even bleaker. In a similar report released last week, the security vendor announced it has seen a 5.5 times increase in crypto-ransomware, with 718,536 users hit between April 2015 and March 2016.
Taking all ransomware variants in count, the screen-lockers, not just crypto-ransomware, Kaspersky says it detected 2,315,931 infected users across the world in the same period. This number is higher by 17.7 percent, the company recording 1,967,784 infected users from April 2014 to March 2015.
Crypto-ransomware hit the hardest users located in the United States, Germany, and Italy.
During the past year, the most popular crypto-ransomware family was the now defunct TeslaCrypt, followed by CTB-Locker, Scatter, Cryakl, CryptoWall, Shade, Mor, Aura, Locky, and Lortok. TeslaCrypt instances accounted for almost a half, while CTB-Locker accounted for a fifth of all infected users.