Are Locky and Dridex on Summer Vacation?

A sudden drop in cybercrime activity related to the major threat families Locky, Dridex, and Angler has Symantec cybersecurity experts taking note, while still keeping a vigilant eye on the associated malware gangs. One reason for the decrease may be the arrest of 50 people in Russia thought to be involved in the group behind the Lurk banking fraud.

Locky Dropoff

One of the most prevalent ransomware threats in 2016, Locky has shown a significant drop in activity during the month of June. Blocked Locky infections per week went from more than 3,000 in May to the low hundreds this month. That means that new Locky cases, either from spam campaigns or exploit kits, have dramatically fallen.


(Figure 1. Blocked Locky infections by week, showing drop in activity over past two weeks)

Dridex Slowdown

Financial fraud Trojan Dridex has also almost disappeared — but not quite. The Dridex botnet’s subnets continue to operate, and Symantec has noted that Word macro downloaders are still delivering Dridex through spam campaigns.


(Figure 2. Blocked Dridex infections by week, showing low activity in recent weeks)

Angler Inactivity

The Angler exploit kit has dropped off the radar, with no reported payloads being delivered since the start of May. This isn’t the first time Symantec Security Response has seen Angler go dark, so it remains uncertain whether this well-known exploit kit has gone extinct.


(Figure 3. Payloads being delivered by Nuclear exploit kit. Activity ceases in first week in May.)

Russian Arrest Connections?

Given that most of the affected threats have not disappeared entirely, it appears unlikely that they are directly connected to the Lurk group. One possible explanation is that the law enforcement takedown against Lurk could have resulted in the shutdown or seizure of infrastructure used by other attacker groups, who have since been working to resume their operations.

Symantec Security Response is continuing to monitor the situation and will provide further updates if new information comes to light.

Published at Norton Antivirus security Blog –
