In addition to the long list of troubles 2016 brought, this past year has also been declared “The Year of Ransomware.” The pernicious form of malware saw explosive growth, driven by its effectiveness on victims, its strength as a revenue-generator, and its scalability.

Ransomware is an attractive choice for cybercriminals because it is one of the easier ways for them to actually get what they’re after: money. Stealing personal information is one thing, but actually using that to generate revenue is tough if you still have banking systems to go through, or if you have to find a buyer for the corporate secrets you’ve stolen.

Ransomware turns people into both the victims and the customer, selling the information back to the people who need it the most. This also reduces risk, as criminals can avoid paper trails and more secure systems, and leverage victims’ desperation to prevent attempts to do anything other than get information back.

But while the victims might not have the ability to defend themselves, there are many other people who are working very hard to solve this problem. Cybersecurity researchers and experts are constantly shoring up vulnerabilities, patching software, and building new systems to prevent against this exact sort of attack.

But cybercriminals are smart, resourceful, and highly incentivized to overcome these roadblocks. As both sides struggle for dominance, a ransomware arms race has forced cybercriminals to get creative, to find new methods for distribution, revenue, and of course, threats. While standard flavors of ransomware are still a major problem, we’ve found a number of innovative, malicious (and admittedly interesting) developments that have cropped up as a result of increased defensive measures.

New Threats

As services and software are developed to combat file locking, ransomware families such as Locky have taken the form of “doxware,” referring to the act of doxing (posting the victim’s private information online). This might include addresses, phone numbers, or even Social Security numbers, putting the victim at risk of other criminals finding this information.

This type of ransomware was developed as a workaround for the increasing number of cases where the individual or business has properly backed up their data, eliminating the threat of files lost to ransomware. The approach is an especially large issue for companies, who have proprietary and other confidential information that would be very damaging if made public.

Another form of ransomware also leverages your personal information, but instead of threatening your personal safety or business secrets, they threaten you with public humiliation and legal trouble.

Ransoc is one of the most recent developments in ransomware, scraping your hard drive and social media accounts in order to find illegal material such as torrented media or child pornography, and generating a legitimate-looking note threatening you with a very public and embarrassing court case…unless, of course, you pay a fine.

Unsurprisingly, you don’t actually have to have such illegal material on your computer in order to get the ransom note. But for many people, the prospect of being publicly shamed is enough for them to pay up, no questions asked.

New Distribution

The increased difficulty of a successful cybercrime score has also pressured criminals to explore alternative means of distributing their virus. One of the most noteworthy and worrisome new methods of doing so is Ransomware-as-a-Service, which allows less technically-minded would-be cybercriminals to download the software, which they can then use to infect other people’s systems.

A clever new way to spread ransomware like wildfire comes from Popcorn Time (unrelated to the streaming media site), which gives victims a free decrypt key for their files in exchange for participating in the worst referral program ever. Oh, yes: Popcorn Time provides a referral link to victims, and if the victims can get two other people infected with that link, then their own files are released.

Looking Ahead

Over the past year, the creators of ransomware and other forms of malware have shown that they are very adept at evolving to overcome increasing security measures. These new threats and distribution channels – as well as new earnings streams such as ad revenue scams – pose a difficult question as we close in on 2017: where does it end?

Well, if the accelerating growth of organized cybercrime groups is any indication, we may find that things are just getting started. We’re far from stamping out cybercrime, just like we’re far from stamping out all crime. The onus is on organizations and individuals to act with care and responsibility, to take precautions and be smart about online interactions.

Most cybercrime depends on the ignorance and mistakes of its victims, so by educating yourself and your coworkers about security, you’re doing your part to ward off a good proportion of even the most sophisticated new threats.