Everyone likes a break over Christmas and the New Year – even malware developers firmly committed to a life of cybercrime. That's according to multiple cybersecurity firms, each warning that a recent lull in global malware circulation is unlikely to last for much longer.
One strain of ransomware called Locky – which infects victims via malicious spam links and can hold entire computer networks to ransom – all but disappeared over the Christmas period, with an 81% decrease in overall activity in the space of a week, experts have revealed.
US-based cybersecurity firm Checkpoint said global malware attacks fell by 8% in December compared with stats from the previous month. Meanwhile, Cisco's Talos expert Jaeson Schultz revealed how use of the 'Necurs' botnet also significantly decreased.
In any case, the researchers are now telling the public not to expect the relative calm to continue. "We expect attack volumes to bounce back in January," Checkpoint has warned in a new blog post.
"We don't often think about the human faces behind sophisticated, insidious cyberattacks, but we should," the researchers said. "Malicious cybercriminals take holidays too, and the decrease in global malware attacks in December follows the same pattern as last year.
"We fully expect malware attacks to jump up again."
The top three ransomware strains recorded throughout December, as the year came to a close, were called Conficker, Nemucod and Slammer. However, it is 'Locky', the fresh-malware-on-the-block, that continues to surprise.
"Locky was one of the biggest malware success stories of 2016, going from being a brand-new ransomware variant in February to second in the global table by November, so we will definitely continue to monitor it with interest in 2017," said Nathan Shuchami, threat expert at Checkpoint. "Time will tell as to whether cybercriminals are moving onto new variants or whether Locky has simply taken a Christmas vacation," he added.
This week, the largest National Health Service trust in the UK was targeted by a form of Trojan malware, forcing computer systems at Barts Health in east London offline. According to health officials, it had the "potential to do significant damage" but was ultimately contained.
Additionally, on 10 January it emerged that a Los Angeles-based school was forced to pay cybercriminals $28,000-worth of Bitcoin to regain access to infected computer networks after they were riddled with ransomware.
Almost three weeks into 2017, it seems the ceasefire has already ended, with the predictions of the cybersecurity experts seemingly validated. It would appear the break's over.