WannaCry accounted for 90% of ransomware detections last year, with activity among other families declining as cyber-criminals gradually lost interest, according to new research from F-Secure.
The Finnish security vendor’s latest report, The Changing State of Ransomware, revealed that aside from the notorious crypto-worm, Locky, Mole, Cerber, and Cryptolocker were also popular ransomware families in 2017.
However, despite attacks increasing 415% on 2016 figures, and detections of new ransomware families increasing 62% on the previous year to reach 343 unique strains, F-Secure claimed the trend is starting to decline.
The legacy of WannaCry and NotPetya could actually be to discourage cyber-criminals from getting involved: because they did not see big pay days for the attackers, and only served to publicize to users that victims don’t necessarily get their data back by paying up.
“After the summer, there was a noticeable shift away from the kind of ransomware activity that we’ve seen in the last year or two,” said F-Secure security advisor, Sean Sullivan.
“The last couple of years saw cyber-criminals developing lots of new kinds of ransomware, but that activity tapered off after last summer. So it looks like the ransomware gold rush mentality is over, but we already see hard core extortionists continuing to use ransomware, particularly against organizations because WannaCry showed everyone how vulnerable companies are.”
The report chimes to an extent with similar research this year which has pointed to cyber-criminals increasingly looking to crypto-jacking as an easier alternative to make money.
Symantec claimed that crypto-jacking attacks exploded by 8,500% in 2017 while the average ransom amount dropped to $522, less than half the average of 2016.
Cisco Talos argued that botnet herders could make as much as $100m from crypto-jacking, without needing to interact with their victims at all; representing a much bigger and easier ROI.