Ransomware gangs using clever new technique to dance past security protections

Intermittent encryption is quickly gaining fame

Ransomware operators have come up with a new encryption method that makes locking files faster and less likely to be noticed by antivirus and other cybersecurity solutions, researchers have found.

According to experts from SentinelLabs, a rising number of ransomware operators (including Black Basta, BlackCat, PLAY, and others) have started adopting a process called “intermittent encryption”, encrypting files partially, instead of completely.

That way, the files are still rendered useless (unless the owners get a decryption key), but the encryption process takes significantly less time, with researchers adding they expect more groups to adopt the technique in the future.

Multiple approaches

Different groups approach intermittent encryption differently. Some will only encrypt the first few bytes of a file. Others will offer multiple choices, leaving it up to the ransomware deployers to decide. Some will break the files into multiple chunks, and encrypt only some of them. But whatever option they choose, they’re all equally dangerous, as this technique also helps them avoid endpoint protection tools.

As explained by the researchers, when looking for malware, automated detection tools look for intense file I/O operations. As intermittent encryption isn’t that intense, it can often fly under the radar.

The only possible downside to the technique is that encrypting files partially might make it easier for the victims to recover them.
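Because the partial-encryption patterns described above generate little file I/O, a defender can also look at file content rather than I/O volume. The following is an added example, not code from SentinelLabs or the original article: it measures Shannon entropy per block and flags files where random-looking blocks sit next to readable ones. The block size, thresholds, function names and sample data are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # analysis window in bytes (assumed value)
HIGH = 7.5    # bits/byte: block looks encrypted or compressed (assumed threshold)
LOW = 6.0     # bits/byte: block looks like ordinary structured data (assumed threshold)

def block_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes):
    """Return (label, indices of high-entropy blocks) for a file's contents."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    # Skip a short tail: entropy of a few bytes is not meaningful.
    ents = [block_entropy(b) for b in blocks if len(b) >= 256]
    high = [i for i, e in enumerate(ents) if e >= HIGH]
    low = [i for i, e in enumerate(ents) if e <= LOW]
    if not high:
        return "plain", high
    if not low:
        return "uniform-high", high   # fully encrypted OR just compressed media
    return "intermittent", high       # random-looking blocks mixed with readable ones

# --- constructed sample data, not real ransomware output ---
def noise(n: int) -> bytes:
    """Deterministic random-looking bytes standing in for ciphertext."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"constructed" + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def sample(pattern: str) -> bytes:
    """Build a buffer from a pattern string: 'P' = text block, 'X' = noise block."""
    text = (b"2022-09-12 10:00:01 INFO user=alice action=read file=report.docx\n" * 80)[:BLOCK]
    return b"".join(noise(BLOCK) if ch == "X" else text for ch in pattern)

if __name__ == "__main__":
    for name, pat in [("untouched", "PPPPPPPP"), ("header only", "XPPPPPPP"),
                      ("alternating chunks", "XPXPXPXP"), ("whole file", "XXXXXXXX")]:
        print(f"{name:20s}", classify(sample(pat)))
```

Treat an "intermittent" result as a triage signal, not a verdict: legitimate formats that embed compressed streams inside readable structure can produce the same mixed profile, so compare against a known-good baseline or backup copy of the file.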

Despite some researchers claiming ransomware is losing steam, due to businesses deciding not to pay up and opting for protections and backups instead, some threat actors are still quite active. Only last week, news broke of all schools in Los Angeles suffering such an attack, affecting 26,000 teachers and 600,000 students. It prompted the attention of the White House itself, alerting the Department of Education, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
