This follows a trend where threat actors have been doing their best to keep a low profile as much as possible, giving up on large scale ransomware attacks. The ones that did not remove from their toolkit chose to be more specific with their attacks, targeting specific companies and individuals because of their higher profits potential. It enables them to always have a foothold within an organization’s networks as long as the threat stays undetected, allowing for multi-stage attacks once they find a better way to profit from the.
Source: https://www.bleepingcomputer.com/news/security/cryptojacking-overtakes-ransomware-malware-as-a-service-on-the-rise/