An increasing number of ransomware gangs are embracing a new tactic that allows them to encrypt their victims' systems faster while reducing the odds of being detected, according to a new report from SentinelLabs. This tactic is known as intermittent encryption and involves encrypting only portions of the targeted files' content, which still renders the data unrecoverable without a valid decryptor and key. For instance, “by skipping every other 16 bytes of a file, the encryption process takes almost half of the time required for full encryption but still locks the contents for good,” according to BleepingComputer.

Because intermittent encryption generates less intense file I/O than normal encryption, automated detection tools may fail to spot it.

SentinelLabs' report traces the start of this tactic to LockFile ransomware actors in mid-2021. Other ransomware groups, including Black Basta, ALPHV (BlackCat), PLAY, Agenda, and Qyick, have since adopted it and actively promote it to encourage cyber criminals to join their Ransomware-as-a-Service operations. Access the full report at SentinelLabs or read a relevant news article here.
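A triage check for the partial-encryption pattern described above, added here as an example and not taken from the SentinelLabs report: it compares a suspect file with a known-good copy (for instance, one restored from backup) in 16-byte blocks and labels the change pattern. The function names, the 0.95 threshold and the sample data are assumptions constructed for illustration.

```python
import random
from itertools import groupby

BLOCK = 16  # stripe width from the quoted "every other 16 bytes" example

def modified_blocks(baseline: bytes, suspect: bytes, block: int = BLOCK) -> list:
    """Flag each block of the suspect file that differs from the known-good copy."""
    size = max(len(baseline), len(suspect))
    return [baseline[i:i + block] != suspect[i:i + block]
            for i in range(0, size, block)]

def classify(flags: list) -> str:
    """Return 'unchanged', 'full', 'intermittent' or 'partial' for one file."""
    if not any(flags):
        return "unchanged"
    if sum(flags) / len(flags) > 0.95:  # assumed cut-off for "whole file rewritten"
        return "full"
    # Lengths of consecutive modified / untouched runs; first and last runs are
    # dropped because the file edges can truncate them.
    runs = [(changed, len(list(group))) for changed, group in groupby(flags)][1:-1]
    changed_runs = {n for changed, n in runs if changed}
    kept_runs = {n for changed, n in runs if not changed}
    # A fixed encrypt/skip stride leaves exactly one run length of each kind.
    if len(runs) >= 4 and len(changed_runs) == 1 and len(kept_runs) == 1:
        return "intermittent"
    return "partial"

def stripe_sample(data: bytes, block: int = BLOCK, seed: int = 7) -> bytes:
    """Constructed test input: overwrite every other block with random bytes."""
    rng = random.Random(seed)
    out = bytearray(data)
    for i in range(0, len(out), 2 * block):
        end = min(i + block, len(out))
        out[i:end] = bytes(rng.randrange(256) for _ in range(end - i))
    return bytes(out)

if __name__ == "__main__":
    # Constructed sample standing in for a backed-up document.
    baseline = b"2024-06-27 invoice 0001 total=118.40 EUR\n" * 40
    flags = modified_blocks(baseline, stripe_sample(baseline))
    print(f"{sum(flags)}/{len(flags)} blocks modified -> {classify(flags)}")
```

Roughly half of the blocks changing in a regular stride separates this case from ordinary edits and from full-file encryption, which is useful when scoping which files need restoring.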