Since other malware types have a presence that is immediately noticeable, ransomware is said to be the first problem child piece of malware. It's stealthy and contains various approaches.

When the original Cryptolocker infrastructure was removed last year, Heimdal Security thought the next step for cyber-criminals would be smaller and more focused attacks. However, ransomware was improved to achieve more.

The most recent version of Cryptowall 4.0 improved exploit targeting as an attack vector, more lengthy spam messaging campaigns and more intelligent antivirus avoidance methods.

Ransomware makers are saluted with well-deserved credit for producing a very good product. Unless one has an algorithm, encryption is so strong that it's virtually impossible to break. Law enforcement has tried intercepting the infrastructure in order to reverse engineer the codes, but have not succeeded.

Heimdal researchers feel future strategies of ransomware will include a more mobile and diverse infrastructure so that keys are only semi-stored on each location and use an improved infrastructure so if intercepted, keys would be tougher to break on the individual storage locations.

Just like in marketing and sales, ransomware developers not only need a great product. They must target a customer base, reach their audience, convey an interesting message to get the attention of consumers, and fund the product—all of which have been accomplished by developers.

Heimdal fears that Crytowall 5 and 6 are in development stages and just around the corner. As recently noted by the company, ransomware makers are turning their business into a software company. Products of cyber-security companies must be enhanced and large website owners and emailing companies need to make it tougher for criminals to deliver their ransomware campaigns to prevent ransomware developers from advancing.