A sudden drop in cybercrime activity related to major threat families Locky, Dridex, and Angler have Symantec cybersecurity experts taking note, but still keeping a vigilant eye on the associated malware gangs. One reason for the decrease may be the arrest of 50 people in Russia thought to be involved in the group behind the Lurk banking fraud.
One of the most prevalent ransomware threats in 2016, Locky has shown a significant drop in activity during the month of June. Blocked Locky infections per week went from more than 3,000 in May to the low hundreds this month. That means that new Locky cases, either from spam campaigns or exploit kits, have dramatically fallen.
(Figure 1. Blocked Locky infections by week, showing drop in activity over past two weeks)