Ransomware attacks like WannaCry and Petya caused major chaos last year, while the likes of Locky and Cerber were less high-profile but still managed to generate large amounts of income for their criminal creators.

2017 was the year of ransomware, but it could be that the file-encrypting malware has already reached its peak, as analysis of cybercriminal campaigns appears to show that malicious actors are already dumping ransomware in favour of other forms of cyber attack.

According to an analysis of cybercrime tactics and techniques by researchers at security company Malwarebytes, the final months of 2017 saw cyber attackers ditch ransomware - either in favour of returning to more stealthy forms of malware like trojans and spyware, or moving onto the likes of cryptocurrency miners and ad fraud malware.

Figures suggest ransomware reached a high of accounting for over 70 pecent of exploit and spam drops in June - the same month as the Petya ransomware attack and shortly after May's WannaCry outbreak.

However, since that point, the percentage ransomware drops has fallen significantly, dropping to under 10 percent of malicious payloads in December.

It could be that the high profile of ransomware following the WannaCry incident pushed the malware into the public eye to such an extent that potential victims became more aware of the threat, while making more businesses more likely to back up data. In both cases, some cybercriminals may have found ransomware to be a less effective means of illicitly making money.

"In the wake of so many high visibility ransomware attacks, both corporations and individuals are realising the necessity for good backup practices. This alone, even without additional security precautions, effectively deadens the otherwise considerable sting of the threat," Chris Boyd, malware analyst at Malwarebytes told ZDNet.

It's also possible that prominent forms of ransomware - including Petya and Bad Rabbit - were poorly coded or just outright designed not to provide decryption keys and sometimes even accept payments, so some victims just stopped paying fees.

That breach of 'trust' to the 'customer' by some ransomware distributors therefore tarnished made it less likely for victims to pay up when hit with other forms of ransomware either.

"Breaking that peculiar element of trust with victims - who are relying on you to keep your word and give files back - means diminishing returns," said Boyd, adding "In short, people have wised up to ransomware given the media saturation".

So what are cybercriminals turning to now, if they're moving away from ransomware?

One avenue they're turning to is using malware to mine for cryptocurrencies, with attacks tricking users into installing programs which secretly run in the background of systems in order to aquire cryptocurrency - be it bitcoin, Monero or something else.

This form of attack causes a massive drain on the resources of the infected system, potentially slowing it down to the point where it could become unusable for anything but the malicious mining. Researchers suggest that 2018 will see a further increase in this form of malware, which could even rope in mobile and IoT devices.

"If this craze continues, we are likely going to keep seeing an evolution of drive-by mining tools, new mining platforms, and new forms of malware designed to mine and/or steal cryptocurrency," said the report.

However, it'd be foolish to completelty discount the risk of ransomware. It's still a valuable means of making money for cyber criminals - as demonstrated by the recent case of a US possible paying $55,000 to hackers after a ransomware attack.

There are also families of ransomware like Locky, which have previously appeared to have died off only to return with a vengeance. Meanwhile, hackers are still experimenting with new ways of delivering ransomware.

