Ransomware attacks like WannaCry and Petya caused major chaos last year, while the likes of Locky and Cerber were less high-profile, but still managed to generate large amounts of income for their criminal creators.
2017 was the year of ransomware, but it could be that the file-encrypting malware has already reached its peak, as an analysis of cybercriminal campaigns appears to show that malicious actors are already dumping ransomware in favour of other forms of cyber-attack.
According to an analysis of cybercrime tactics and techniques by researchers at security company Malwarebytes, the final months of 2017 saw cyber-attackers ditch ransomware, either in favour of returning to more stealthy forms of malware like trojans and spyware, or moving onto the likes of cryptocurrency miners and ad-fraud malware.
However, since that point, the percentage of ransomware drops has fallen significantly, dropping to under 10 percent of malicious payloads in December.
It could be that the high profile of ransomware following the WannaCry incident pushed the malware into the public eye to such an extent that potential victims became more aware of the threat, while making more businesses more likely to back up data. In both cases, some cybercriminals may have found ransomware to be a less effective means of illicitly making money.
"In the wake of so many high visibility ransomware attacks, both corporations and individuals are realising the necessity for good backup practices. This alone, even without additional security precautions, effectively deadens the otherwise considerable sting of the threat," Chris Boyd, malware analyst at Malwarebytes, told ZDNet.
"Breaking that peculiar element of trust with victims -- who are relying on you to keep your word and give files back -- means diminishing returns," said Boyd, adding: "In short, people have wised up to ransomware given the media saturation."
So what are cybercriminals turning to now, if they're moving away from ransomware?
This form of attack causes a massive drain on the resources of the infected system, potentially slowing it down to the point where it could become unusable for anything but the malicious mining. Researchers suggest that 2018 will see a further increase in this form of malware, which could even rope in mobile and IoT devices.
"If this craze continues, we are likely going to keep seeing an evolution of drive-by mining tools, new mining platforms, and new forms of malware designed to mine and/or steal cryptocurrency," said the report.