1 minute read
CYBERSECURITY
compliance reporting, and closely observe any unusual behaviours that may indicate an intruder in your network,” adds Higgins.
The future of ransomware
Advertisement
Ransomware attacks are constantly evolving in complexity, scope and scale and, recently, a new trend has emerged: intermittent encryption.
“Intermittent encryption is when ransomware forgoes encrypting the entirety of every file, instead only encrypting part of each file, often blocks of a fixed size or only the beginning of targeted files,” concludes Higgins.
There are several reasons attackers choose intermittent encryption over full encryption, according to Higgins: “The most obvious is speed: because files are only partially encrypted, intermittent encryption requires less time spent on each file, allowing the ransomware to impact more files in less time. This means that even if the ransomware is stopped before running to completion, more files will be encrypted, creating a more significant impact and making it more likely the ransomware will end up damaging critical files.
“Additionally, some security solutions make use of the amount of content being written to disk by a process in their heuristics to identify ransomware. With intermittent encryption, less content is written, and, therefore, there is a smaller chance that ransomware will trigger such detections.
“Intermittent encryption starts to blur the line between corrupting files and making files truly unusable. However, because the malware can end up leaving a large portion of the files unencrypted, there are – fortunately – tools available that can extract data from the non-encrypted parts of the files and recover some of the unencrypted data.”
WRITTEN BY: ILKHAN OZSEVIM
