Variants of CryptoLocker multiply as hackers try to innovate.
Ransomware that can permanently encrypt user’s files has flourished in the first few months of 2015, according to research by the security vendor Trend Micro.
The malware type has been prevalent despite international police attacking the GameOver Zeus network used to distribute CryptoLocker, a popular strain among hackers before the shutdown.
Since then Trend Micro have seen hackers steadily improving the ransomware, creating variants such as TorrentLocker, CryptoFortress, Crypaura and Teslacrypt which use different tactics to extort money from people.
Among these innovations are the targeting of more file types, the deletion of shadow file copies to prevent people restoring their computers, and the introduction of free file decryptions as a means of building trust with victims.
Many of the newer file types targeted relate to creative tools used to make music, 3D models or computer code, indicating that hackers are now orienting themselves more towards work-related files as well as personal ones.
The malware developers are also hitting video gamers with ransomware that can encrypt game files, which may have taken hours of playing time or even large amounts of cash to create.
Anthony Joe Melgarejo, threat response engineer at Trend Micro, said: "Of course, some things have stayed the same, particularly, the need for anonymity.
"Bitcoin is the preferred mode of payment so that the threat actors could stay anonymous. In that same vein, Tor is the preferred payment site for anonymity and could prevent an easy takedown of their server which could hinder their transactions or revenues."
Despite the evolution of the malware many hackers are still exploiting the reputation of CryptoLocker, with some viruses such as CryptoFortress displaying a ransom note claiming to have used CryptoLocker to encrypt files.