Figure shows that recorded incidents of Locky, one of the most common malware threats, dropped by over 80 percent during December -- but it'll be back.
The Necurs botnet was one of the biggest distributors of malware during 2016, sending millions of malicious emails in an effort to spread Locky ransomware.
Locky became the most high profile form of ransomware of 2016, before mysteriously appearing to cease operations in late December.
It was speculated that the campaign dropped as the criminal actors behind it went on a Christmas holiday, but Necurs didn't return -- until now.
Cybersecurity researchers at Symantec have detailed how the group behind Necurs begun putting new command and control servers online in February before renewing spamming operations on March 20.
Since that date, Symantec says it has been blocking 100,000s of emails every hour that the campaign is running -- and that figure only represents a small proportion of the total volume of spam being sent by the botnet.