Ransomware is continuing its massive growth phase and the top offering in that malware category is Locky, a new report found.
The Locky ransomware family was created and distributed by one of the largest cyber-crime syndicates around, the same people behind the Dridex banking Trojan.
This year started with Locky first appearing on the scene and slowly gaining more traction with growing numbers each week, according to a quarterly report from security vendor Proofpoint.
Spam distribution was at record numbers almost all year, from January to May, with Proofpoint detecting hundreds of millions of spam messages per day in some periods.
Spam numbers took a dive in June, when one of the Dridex gang’s main botnets, Necurs, responsible for distributing Locky ransomware, shut down for three weeks.
Necurs eventually came back online toward the end of June, which helped quiet the levels of malware distribution compared to the previous quarter.
Nevertheless, when it was active, the botnet helped Locky win the top spot as the second quarter’s most active malware threat. Locky dominated spam distribution in the second quarter, replacing the Dridex Trojan as the most popular spam malware, while the CryptXXX ransomware remained the favorite malware spread via exploit kits, according to the report.
The Angler and Nuclear exploit kits, which shut down in June and May respectively, were more popular than many people thought, and after their shutdowns, traffic to exploit kits went down 96 percent worldwide.
Despite this, Proofpoint also registered growth in popularity for exploit kits capable of infecting mobile devices. The company reports that over ten million Android devices were compromised this way in the second quarter alone.
Overall, Android malware accounted for 98 percent of the entire mobile malware scene, the report said.