CryptoLocker-style ransomware is eight times more common now than in January, going a long way towards overtaking fake police warning ransomware scams, according to Symantec.
The disruption of the GameOver Zeus banking trojan botnet back in late May took away one of the main distribution methods for CryptoLocker itself.
Security firms have since developed a service that allows victims to recover files scrambled by CryptoLocker without caving in to the demands of extortionists.
About 545,000 computers worldwide, around half of those being in the US, have been infected with CryptoLocker between September 2013 and May 2014. Victims have been defrauded to the tune of $27m (£16m) as a result of the malware, according to FBI estimates from June.
While it was active CryptoLocker was extremely successful. Its legacy continues in the form of "tribute bands" even though the main scam itself has effectively been neutralised.
CryptoLocker-style ransomware has seen a 700 per cent-plus increase. "These file-encrypting versions of ransomware began the year comprising 1.2 per cent of all ransomware detections, but now make up 31 per cent at the end of August," Symantec reports.
CryptoDefense has emerged as the most commonly detected file-scrambling ransomware scam over recent weeks, after first taking off in large numbers during June (and after crooks fixed coding flaws in early versions of the threat). "By the end of July, it made up 77 per cent of all crypto-style ransomware for the year to date," Symantec adds.