Ransomware attacks on businesses around the world rose 50% last year, research into successful cyber-breaches shows.
Its popularity means malware is now responsible for 51% of all the incidents analysed in the annual Verizon data breach report.
This analyses almost 2,000 breaches to find out how firms were caught out by cyber-thieves.
It also found that measures taken by some firms after payment systems were targeted, stopped new breaches.
Glimmer of hope
The rapid rise in the number of successful ransomware attacks was widely expected, said Marc Spitler, senior manager in Verizon's security research division, simply because so many malicious hacking groups were adopting the tactic.
"Ransomware is all about how can they get more money per infected device," he said.
A separate report by security firm Symantec found that the average amount paid by victims of ransomware had risen to $1,077 (£834).
Consumers were likely to be hit straight away with ransomware, said Mr Spitler, but attacks on businesses were stealthier. Often, he said, attackers burrowed deeper into a company's infrastructure to find key databases that were then scrambled before payment was sought.
In most attacks, booby-trapped attachments sent via email were the main delivery mechanism for ransomware and other malware, found the report.
"These attacks are all about getting a foothold on a system," he said, adding that once attackers were inside an organisation they typically looked to use the back doors for many different types of attack.
Darren Thomson, chief technology officer for Symantec in Europe, said its statistics suggest about one in every 131 email messages was now harbouring some kind of cyber-threat.
"They are arriving in Word documents and Excel spreadsheets," he said, "the messages people get many times a day."
The Verizon report also spotted a shift in the targets of cyber-attacks with 61% of victims now being companies with fewer than 1,000 employees.
The good news, said Mr Spitler, was that some industry sectors that had been hit hard before, now appeared less often in its attack statistics - suggesting their digital defences were starting to work.
"The lack of large retailers suffering point-of-sale intrusions was a glimmer of hope," he said.