The cybercriminals behind these operations are also increasingly adding detection evasion techniques, the Trend Micro researchers said.
For example they're using legitimate, but compromised websites to redirect users to the final landing pages. They're also adding CAPTCHA tests to their spoofed sites in order to block automatic crawlers or security sandboxes from catching the malicious payloads.
Some recent TorrentLocker versions even have self-destruct capabilities to prevent IT staff from collecting samples from infected systems.
"We believe that ransomware will continue to improve its tactics and target more business environments," the Trend Micro researchers said. Simple things like verifying the source of emails and the reputation of websites before visiting them can go a long way to prevent ransomware infections. However, the importance of backing up data using the 3-2-1 rule -- at least three copies in two different formats with one copy stored off-site -- cannot be stressed enough, they said.
Sign up for Computerworld eNewsletters.