There has been a sudden drop-off in activity relating to a number of major malware families in recent weeks. Dridex (W32.Cridex), Locky (Trojan.Cryptolocker.AF), the Angler exploit kit, and Necurs (Backdoor.Necurs) are among the threats that appear to be affected by this development. Following reports of scaling back in activity by a range of cybercrime gangs, Symantec telemetry has confirmed that some of these groups have virtually ceased operating, while others appear to have greatly scaled back activity.
Locky has been one of the most prevalent ransomware threats in recent months, but Symantec has seen very few new Locky cases, either from spam campaigns or exploit kits, since the beginning of June. While the threat has not disappeared, there has been a significant dip in activity, indicating that there has been some disruption in the actors’ operations or a conscious decision to scale back.