Some of the internet’s biggest malware factories have stopped producing — but the battle is not over.
The number of network infections generated by some of the most prolific forms of malware — such as Locky, Dridex, and Angler — has suddenly declined.
Instances of malware and ransomware infection have risen massively this year, but cybersecurity researchers at Symantec have noticed a huge decline in activity during June, with new infections of some forms of malicious software almost at the point where they’ve completely ceased to exist.
Locky has been one of the most prolific ransomware threats of 2016, as the high-profile infection of a Hollywood hospital demonstrated, but researchers have seen very few new cases of the system locking malware in recent weeks — and that’s just a month after infections peaked.
Dridex, the bank targeting Trojan botnet, has also seen a significant drop in activity in recent weeks — and this form of malware is known to be used by the same cybercrimal groups which use Locky. Detections of Dridex have also fallen to almost zero in recent weeks.
Meanwhile, new infections of the Angler exploit kit appear to have completely stopped, with Symantec reporting no new payloads since the beginning of June for the main method of delivery for CryptXXX ransomware. However, this isn’t the first time researchers have seen Angler disappear, so it may not yet be defeated.
Why have these infamous and prolific malware infections suddenly dropped off the radar so quickly? Researchers point out the decline follows the arrest of 50 people in Russia who are accused of using malware to steal over $25m, reportedly by the malicious Lurk Trojan infecting victims’ PCs and stealing bank account details.
Given that the threats from Locky and Dridex haven’t disappeared completely, it’s thought that these malware campaigns aren’t directly linked to those responsible for using Lurk.
However, Symantec researchers suggest that the arrests may have resulted in the shutdown of networks used to host campaigns by other hacking and cybercriminal groups.
While that’s slowed activity for now, it’s probably only a matter of time before Locky, Dridex, and other forms of malware are on the rise again — because cybercriminals know this form of malicious activity is an easy way to exploit victims for ransom money.