FBI releases joint advisory warning of Vice Society ransomware attacks on school districts
September 6, 2022
Cyberattack against Bell Canada subsidiary claimed by Hive ransomware gang
September 15, 2022

A growing number of ransomware gangs adopting new intermittent encryption tactic

In recent months, a growing number of ransomware groups have been observing using a new tactic, intermittent encryption that helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped. This involves encrypting only parts of the targeted files’ content, which would still render the data unrecoverable without using a valid decryptor and key.

This tactic has been used by the following ransomware groups:

  • LockFile
  • Black Basta
  • PLAY
  • Agenda
  • Qyick

These groups have been actively promoting the presence of intermittent encryption features in their ransomware variations to attract more affiliates to join their operations.

An example of intermittent encryption is a ransomware variant skipping every other 16 bytes of a file, and therefore the encryption process takes almost half of the time required for full encryption and automated detection tools that rely on detecting signs of trouble in the form of intense file IO operations are more likely to fail.

Leave a Reply

Your email address will not be published.