Believe it \u2013 you too can become a successful cyber criminal! It\u2019s easy! It\u2019s cheap! It\u2019s short hours for big bucks! No need to spend years on boring things like learning how to write code or develop software.Just download our simple ransomware toolkit and we can have you up and running in hours \u2013 stealing hundreds or thousands of dollars from people in other countries, all from the comfort of your home office \u2013 or your parents\u2019 basement. Sit back and watch the Bitcoin roll in!OK, that\u2019s not the literal pitch coming from the developers of ransomware. But, given the rise of Ransomware as a Service (RaaS) \u2013 a business model in which malware authors enlist \u201cdistributors\u201d to spread the infections and then take a cut of the profits \u2013 it sounds like it could be a candidate for the kind of \u201cdirect-response\u201d TV ads that made the late pitchman Billy Mays famous.As Trend Micro put it more soberly in a recent blog post, \u201cPotential distributors don\u2019t even need much capital or technical expertise to start; even those without coding experience can launch a ransomware campaign.\u201d Indeed, the cost of some ransomware packages is less than $100.In other words, just about anybody can do it.All of which, until the recent ransomware attack on San Francisco's Municipal Transportation Agency (MTA), has seemed to be happening a bit under the radar.With high-profile Distributed Denial of Service\u00a0(DDoS) attacks like the one against Internet backbone provider Dyn grabbing most of the recent headlines, you could be forgiven for thinking that ransomware might be on the decline.But the reality is just the opposite, according to various experts and studies.According to a white paper from Osterman Research, it is at \u201cepidemic\u201d levels, with\u00a0nearly 50% of US companies experiencing a ransomware attack during the past year.And a Trend Micro report released in August found that about\u00a080 new ransomware "families" \u2013 an increase of 172 percent \u2013 were discovered in the first half of 2016. A single, older version of the CryptoWall family brought in an estimated $325 million in 2015.Ed Cabrera, chief cybersecurity officer at Trend Micro, said things have become markedly worse since that report. He said at the end of September, the increase was 400 percent. \u201cIn 2015, there had been 29 families observed, and as of September, we have observed and blocked 145 families,\u201d he said.Due to the dynamic nature of these threats obtaining and sharing actionable intelligence in a timely manner is the biggest challenge.That is no surprise to Andrew Hay, CISO at DataGravity, who said a DDoS attack tends to get more publicity because, \u201cit affects all users of a product or service, so the news of its impact spreads at the speed of typical internet news.\u201cRansomware, conversely, is often hidden from people outside the company until the company, attacker or affected customers release details,\u201d he said.Javvad Malik, security advocate at AlienVault, has a similar take on it. Many companies don\u2019t report ransomware attacks, he said, while DDoS attacks are, \u201cby design, intended to be as publicly visible as possible.\u201d(Paying the ransom) should be an absolute last resort.But they agree, ransomware is a growth industry. \u201cI don\u2019t think it has peaked. I think it is just getting started,\u201d said Christopher Hadnagy, chief human hacker at Social-Engineer. \u201cI still hear of lots of accounts of companies left to either pay or start over.\u201dAnd Orla Cox, director of security intelligence delivery at Symantec, said not only has the number of attacks increased, but the demanded ransom has as well.\u201cThe average ransom demand has more than doubled, and is now $679 (US dollars), up from $294 at the end of 2015,\u201d she said.[ MORE ON CSO: The history of ransomware ]She added that 2016, "has also seen a new record in terms of ransom demands, with a threat known as 7ev3n-HONE$T (Trojan.Cryptolocker.AD),\u201d which demands a ransom of 13 Bitcoin per computer, or $5,083 at the time of discovery in January.One reason for that explosive growth is probably because, even with headlines and continuous warnings about it, most individuals and organizations remain woefully vulnerable. Even if protection is available, they don\u2019t always use it.Be wary of unexpected emails especially if they contain links and\/or attachments.The recent attack on the San Francisco MTA (known as \u201cMuni\u201d) is an example. Security researcher and blogger Brian Krebs noted in a recent post that\u00a0the attacker actually advised his victims to, \u201cRead this and install patch before you connect your server to internet again,\u201d with a link to an advisory Oracle issued about a vulnerability in its Oracle WebLogic Server.Oracle had made that patch available on Nov. 10, 2015 \u2013 more than a year ago.Another reason for ransomware\u2019s success is that it takes time for security researchers to decrypt the files so they can provide solutions that will block them.That work is ongoing. Malik said once researchers can break into the software, \u201cthey are able to create signatures or indicators of compromise.\u201dA collaborative effort is by the Cyber Threat Alliance (CTA), founded by security vendors Fortinet, Intel Security, Palo Alto Networks and Symantec, which has used shared threat intelligence \u2013 in its words, \u201ca huge effort of pooling the Alliance\u2019s collective resources,\u201d to track and analyze the CryptoWal family.According to the alliance, the effort led to \u201cenhanced protection against this threat with each member\u2019s individual products,\u201d plus building public awareness through its reports.\u201dOther experts applaud sharing threat data, but note that it remains reactive \u2013 the updates, patches and other tools to block malware don\u2019t show up until after the threat has already caused plenty of damage.Hay said antivirus and antimalware products are good at, \u201cprotecting the low-hanging fruit,\u201d but the threats evolve too quickly for any tool to offer 100 percent protection.He added that while he supports the goals of the CTA, \u201cit is a members-only club. To join that club, you must provide a minimum of 1,000 unique malware executables daily that do not overlap with VirusTotal.\u201cThis high barrier to entry means that while the goals of the alliance are good, it\u2019s simply not inclusive enough to help those affected,\u201d he said. \u201cA better solution would be to open the doors and let vetted organizations and researchers contribute and work with the samples.\u201dCabrera called the sharing of threat information \u201ccritical to combating all cyber threats.\u201d[ RELATED: Tricks that ransomware uses to fool you ]But he said the reality is that, \u201cdue to the dynamic nature of these threats obtaining and sharing actionable intelligence in a timely manner is the biggest challenge.\u201dHe, like all experts, agreed that there is no \u201csilver bullet\u201d that will block all threats. But he said, \u201ca layered, connected threat defense that protects endpoint, network and cloud infrastructure,\u201d will at least allow organizations to manage the\u00a0ransomware threat.The best solutions, however, are the preventive ones, which include:Install software patches and updates as soon as they are available.Become savvy enough not to fall victim to phishing emails. \u201cBe wary of unexpected emails\u00a0especially if they contain links and\/or attachments,\u201d Cox said, adding that users should be especially careful of any Microsoft Office email attachment that advises enabling macros to view content. \u201cUnless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros,\u201d she said.Do regular backups \u2013 and make sure those have added protection or are stored offline.Hay said organizations can start by limiting access to their most important data and then rigorously monitor the network for anomalies.\u201cWhen these anomalies are detected, you can automatically create copies of your files in a safe location,\u201d he said, but added that it is also important to test the restoration of backups. \u201cThe last thing you want in the midst of an incident is to learn that your backups don\u2019t work,\u201d he said.Finally, experts are mixed on the wisdom of paying the demanded ransom.Hadnagy and Cox take the hard line. \u201cNever,\u201d Hadnagy said. \u201cSadly many times even if the ransom is paid they do not unlock the files.\u00a0It seems that if the ransom is paid the criminals learn it is good business and continue this type of attacks.\u201dCox agreed, for the same reasons \u2013 no guarantee that files will be unlocked, and increased likelihood of being attacked again.Cabrera added that even if the attacker provides the encryption key, he could have already exfiltrated data, and then sell it on the Deep Web.Others agree that it is a bad idea, but say there are times it could be the only feasible idea.Malik said paying, \u201cshould be an absolute last resort.\u201dAnd Hay said his \u201csecurity side\u201d would dictate that victims never pay, since that will simply encourage another attack with a larger ransom demand.But he said his \u201cbusiness side\u201d knows that, \u201cif the business cannot continue to operate without paying the ransom, they\u2019ll pay the ransom.\u201dTo comment on this story, head over to Facebook.