Over the past six months, the number of Locky ransomware infections has gone down and is expected to reach an all-time low this month, in March. Ever since the ransomware launched in mid-February 2016, Locky has been one of the most active and prevalent ransomware families on the Internet. IT security experts from Imperva, AlienVault and ESET commented below.
Morgan Gerhart, VP at Imperva:
“In the end, these guys are out to make money. It is likely that the “yield” from Locky started to diminish over time. This is natural, as various entities develop countermeasures. So the attackers moved on. This is a classic example as to why focusing on a specific strain of malware will never be effective. As long as there is financial incentive, cybercrime industry will always optimize for best yield, which means they will constantly evolve how they attack. What they attack – data and apps – doesn’t change though.”
Javvad Malik, Security Advocate at AlienVault:
“Cyber criminals tend to operate like any other legitimate business. Their intention is to maximise profits whilst reducing risks. They are also subject to similar market forces that can dictate the direction to move in.
While it’s not completely clear as to why Locky is dropping in popularity, it could well be down to a combination of factors such as better detection controls thwarting successful infections, competitive pressures, winding down current version to work on a new version, or challenges with the supply chain amongst others.”
Ondrej Kubovič, Security Specialist at ESET:
“We can confirm that Locky’s activity has been slowly fading since August 2016. However, we cannot say what is the reason behind this decline. It would be merely our speculation as only ransomware operators know their own motivations.”