In 2015 ransomware attacks became more innovative with their code and capabilities to extort money from victims.  This trend is likely to continue in 2016 according to forecasts by security firms

http://www.darkreading.com/endpoint/2015-ransomware-wrap-up/d/d-id/1323424

It’s been a banner year for ransomware operators…and a nerve-wracking one for anybody responsible for securing endpoints.  Although some of the malware may issue empty threats, some of it has proven just as nasty as it claims. Researchers found that 30 percent of organizations admitted they’d pay ransom requests, and even multiple police departments have succumbed to them, when nobody was able to recover their encrypted files or their back-ups.

Then of course, there’s CryptoWall, the big daddy. 2015 kicked off with a new variant of CryptoWall 2.0 that was full of new tricks. It used TOR on command-and-control traffic and could execute 64-bit code from its 32-bit dropper. When CryptoWall 3.0 arrived on the scene, it was more streamlined and then spread mostly through exploit kits. CryptoWall 3.0 made $325 million in extortion payments in just the first 10 months, according to reports.  Then this fall, Cryptowall 4.0 appeared, using a very different style of ransom note. It was less of a classic “give me all your money” stick-up, and more like a combination of a welcome and threat from a particularly vicious homeowner’s association — urging community members to buy a $700 “software package” to decrypt their files…then urging more strongly.