Over the past six months, the number of Locky ransomware infections has gone down and is expected to reach an all-time low this month, in March. Ever since the ransomware launched in mid-February 2016, Locky has been one of the most active and prevalent ransomware families on the Internet. IT security experts from Imperva, AlienVault and ESET commented below.
“In the end, these guys are out to make money. It is likely that the “yield” from Locky started to diminish over time. This is natural, as various entities develop countermeasures. So the attackers moved on. This is a classic example as to why focusing on a specific strain of malware will never be effective. As long as there is financial incentive, cybercrime industry will always optimize for best yield, which means they will constantly evolve how they attack. What they attack – data and apps – doesn’t change though.”
“Cyber criminals tend to operate like any other legitimate business. Their intention is to maximise profits whilst reducing risks. They are also subject to similar market forces that can dictate the direction to move in.
While it’s not completely clear as to why Locky is dropping in popularity, it could well be down to a combination of factors such as better detection controls thwarting successful infections, competitive pressures, winding down current version to work on a new version, or challenges with the supply chain amongst others.”
“We can confirm that Locky’s activity has been slowly fading since August 2016. However, we cannot say what is the reason behind this decline. It would be merely our speculation as only ransomware operators know their own motivations.”
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.