Security firms are warning about a sudden “huge” surge in junk mail messages containing ransomware.
The surge is being blamed on the group behind a novel strain of ransomware called Locky.
One security firm reported that a version of Locky produced two weeks ago is now the second most prevalent form of ransomware it sees.
The US, France and Japan were the top targets for the gang behind Locky, statistics suggested.
Like many other ransomware programs, Locky encrypts data on an infected machine and then asks for a payment before providing a decryption key. Currently Locky asks for 3 bitcoins (£885) as payment.
At peak spamming times, wrote Mr Mendrez, about 200,000 messages an hour carrying ransomware attachments were hitting its junk mail spotting servers.
The most prevalent ransomware family in that total was Cryptowall which was found in 83.5% of the ransomware emails it had caught. Cryptowall first appeared in early 2014.
The spam surge had helped establish Locky as a “significant presence” in the ransomware world, said Mr Dela Paz.
The attackers sending out large amounts of Locky spam were using the same network of hijacked computers, known as a botnet, that was used to distribute the Dridex banking trojan.
“It’s the same botnet, different day, and different payload,” said Mr Mendrez.
To avoid falling victim, people and companies should regularly back up data so it can be restored if a machine gets infected, he said.