
A growing number of ransomware gangs adopting new intermittent encryption tactic

In recent months, a growing number of ransomware groups have been observed using a new tactic, intermittent encryption, which helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped. The tactic involves encrypting only parts of each targeted file’s content, which still renders the data unrecoverable without a valid decryptor and key.

This tactic has been used by the following ransomware groups:

  • LockFile
  • Black Basta
  • ALPHV
  • PLAY
  • Agenda
  • Qyick

These groups have been actively promoting the presence of intermittent encryption features in their ransomware variations to attract more affiliates to join their operations.

An example of intermittent encryption is a ransomware variant that skips every other 16 bytes of a file. The encryption process then takes almost half of the time required for full encryption, and automated detection tools that rely on detecting signs of trouble in the form of intense file I/O operations are more likely to fail.
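For defenders, the alternating 16-byte pattern described above also weakens a simple whole-file entropy check, but it leaves a measurable signature when the two block phases are scored separately. The following is an added example, not code from the article or from any tool it mentions; the content-based entropy check, the thresholds, and the function names are assumptions, and the sample data is constructed in memory with random bytes standing in for ciphertext.

```python
import math
import random
from collections import Counter

BLOCK = 16  # stride from the article's example: every other 16 bytes


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def phase_entropies(data: bytes, block: int = BLOCK) -> tuple:
    """Entropy of the even-numbered blocks and of the odd-numbered blocks."""
    even, odd = bytearray(), bytearray()
    for i in range(0, len(data), block):
        target = even if (i // block) % 2 == 0 else odd
        target.extend(data[i:i + block])
    return shannon_entropy(bytes(even)), shannon_entropy(bytes(odd))


def looks_intermittent(data: bytes, block: int = BLOCK,
                       high: float = 7.5, gap: float = 1.5) -> bool:
    """Flag data where one block phase is near-random and the other is not.
    The thresholds are illustrative assumptions, not tuned values."""
    even, odd = phase_entropies(data, block)
    return max(even, odd) >= high and abs(even - odd) >= gap


def constructed_samples() -> tuple:
    """Constructed data: log-like text, and a copy in which every other
    16-byte block is replaced by random bytes (a stand-in for ciphertext)."""
    rng = random.Random(0)
    plain = "".join(f"{i:06d} GET /index.html 200 user{i % 97}\n"
                    for i in range(4000)).encode()
    mixed = bytearray(plain)
    for i in range(0, len(mixed), 2 * BLOCK):
        n = len(mixed[i:i + BLOCK])
        mixed[i:i + BLOCK] = bytes(rng.getrandbits(8) for _ in range(n))
    return plain, bytes(mixed)


if __name__ == "__main__":
    plain, mixed = constructed_samples()
    print("whole-file entropy:", round(shannon_entropy(mixed), 2))
    print("per-phase entropy: ", [round(e, 2) for e in phase_entropies(mixed)])
    print("flagged:", looks_intermittent(mixed), "| clean flagged:", looks_intermittent(plain))
```

On the constructed sample the whole-file entropy stays under the 7.5 bits-per-byte cutoff, while the even-block phase alone scores close to 8. A real scanner would also need to try other block sizes and offsets, since the article's 16-byte stride is only one example.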
