The United States and Europe lead the world in malware infections, but makers of one kind of malware — ransomware — have their sights especially set on businesses in the United States and the rest of North America, according to new study from Santa Clara, Calif.-based cybersecurity company Malwarebytes.

The study examined about a billion malware incidents from June to November 2016 on nearly 100 million Windows and Android devices in over 200 countries.

It found that Europe was the most malware-ridden continent, with 20% more infections than North America. In addition, 49% of ransomware detections, 31% of Android malware detections and 37% of adware detections were from Europe-based devices.

However, North American businesses are a huge target: 81% of all the ransomware detected in corporate environments occurred there, according to the study.

“It shouldn’t be a surprise that the United States is the country with the most ransomware detections,” it said.

“Many groups from Eastern Europe, as well as across the world, target Americans not only because of the populace’s wide accessibility to technology, but also their means to pay the ransom and, possibly, their ideological views.”

The rise of ransomware

Malwarebytes reported that ransomware distribution between January 2016 and November 2016 increased by 267%.

“This is an unprecedented domination of the threat landscape — like nothing we’ve seen before,” it reported.

In just the fourth quarter of 2016, the company cataloged almost 400 types of ransomware.

The U.S. leads the list of countries with the most ransomware detections, followed by Germany, Italy, the U.K. and France. Notably, Vatican City saw the steepest rise, with a 1,200% increase in all malware variants.

The study also noted that ransomware has become easier for criminals to use.

“While traditional malware such as banking Trojans, spyware, and keyloggers requires the cybercriminal to oversee multiple steps before revenue is delivered to their bank account, ransomware makes it a seamless, automated process,” it said.

“Script kiddies (hackers with little or no coding skills) can even buy turnkey ransomware kits known as ‘Ransomware as a Service’ (RaaS) that take all the hassle out of digital thievery.”

What’s next for malware in 2017

Though fewer sophisticated ransomware competitors may enter the market in 2017, Malwarebytes predicted the existing ones will make their attacks even nastier.

“We may see more variants that modify the infected computer’s Master Boot Record (MBR), which is a key part of a system’s ability to boot into its operating system,” it warned.

“Once modified, the system will boot into a lock screen set up by the malware, demanding payment not only to decrypt files but also to restore access to the main operating system. The addition of this functionality reduces the options for a victim to two: either pay the ransom or have the system wiped completely.”

Perhaps the biggest malware threat in 2017 may be to devices beyond phones and tablets — think appliances, cars, burglar alarms, vending machines and even alarm clocks that are part of the “Internet of Things” revolution.

“The surge of new cyberattacks leveraging IoT devices, coupled with a lack of concern for security on the part of the IoT industry, has resulted in botnets like Mirai being able to take down the backbone of the internet,” it said.

“Despite what the IoT industry decides to do — batten down the hatches or ignore security altogether — the doors have been opened by malware like Mirai for new IoT attack strategies in 2017.”