{"id":7514,"date":"2022-09-10T16:26:57","date_gmt":"2022-09-10T07:26:57","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=7514"},"modified":"2022-11-21T16:31:01","modified_gmt":"2022-11-21T07:31:01","slug":"a-growing-number-of-ransomware-gangs-adopting-new-intermittent-encryption-tactic","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/a-growing-number-of-ransomware-gangs-adopting-new-intermittent-encryption-tactic\/","title":{"rendered":"A growing number of ransomware gangs adopting new intermittent encryption tactic"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"7514\" class=\"elementor elementor-7514\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b619a20 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b619a20\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b2a727a\" data-id=\"b2a727a\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-84da0b0 elementor-widget elementor-widget-text-editor\" data-id=\"84da0b0\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>In recent months, a growing number of ransomware groups have been observed using a new tactic, intermittent encryption, that helps them encrypt their victims&#8217; systems faster\u00a0while reducing the chances of being detected and stopped. 
This involves encrypting only parts of the targeted files&#8217; content, which would still render the data unrecoverable without using a valid decryptor and key.<\/p><p>This tactic has been used by the following ransomware groups:<\/p><ul><li>LockFile<\/li><li>Black Basta<\/li><li>ALPHV<\/li><li>PLAY<\/li><li>Agenda<\/li><li>Qyick<\/li><\/ul><p>These groups have been actively promoting the presence of intermittent encryption features in their ransomware variants to attract more affiliates to join their operations.<\/p><p>An example of intermittent encryption is a ransomware variant that skips every other 16 bytes of a file. The encryption process therefore takes almost half of the time required for full encryption, and automated detection tools that rely on detecting signs of trouble in the form of intense file I\/O operations are more likely to fail.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In recent months, a growing number of ransomware groups have been observed using a new tactic, intermittent encryption, that helps them encrypt their victims&#8217; systems faster&nbsp;while reducing the chances of being detected and stopped. This involves encrypting only parts of the targeted files&#8217; content, which would still render the data unrecoverable without using a valid decryptor and key. 
This tactic<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":7519,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,12,9,2,1],"tags":[],"class_list":["post-7514","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ransomware_criminals","category-ce_news","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/11\/Picture1-3.jpg?fit=1380%2C920&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/7514"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=7514"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/7514\/revisions"}],"predecessor-version":[{"id":7522,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/7514\/revisions\/7522"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/7519"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=7514"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=7514"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=7514"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}