Menu
In recent months, a growing number of ransomware groups have been observing using a new tactic, intermittent encryption that helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped. This involves encrypting only parts of the targeted files’ content, which would still render the data unrecoverable without using a valid decryptor and key.
This tactic has been used by the following ransomware groups:
These groups have been actively promoting the presence of intermittent encryption features in their ransomware variations to attract more affiliates to join their operations.
An example of intermittent encryption is a ransomware variant skipping every other 16 bytes of a file, and therefore the encryption process takes almost half of the time required for full encryption and automated detection tools that rely on detecting signs of trouble in the form of intense file IO operations are more likely to fail.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
