Ransomware attackers are increasingly using a new tactic that helps them encrypt victims’ systems faster and more efficiently, while decreasing the chances of being detected.
The new tactic is called intermittent encryption. It encrypts only parts of the file content targeted, but enough that would still allow the data to be rendered locked or unrecoverable.
By skipping say, every 16 bytes of a file, the encryption process is dramatically faster but still is effective at locking up the contents. In addition, because the invasion is milder, automatic detection tools may have more difficulty in noticing signs of trouble.
The outlook for intermittent encryption
Intermittent encryption is complex and must be implemented correctly to ensure success. But given that the technique seems to have multiple advantages for the attacker and little downside, security experts expect more cybercriminal gangs to adopt its use in the near future.
Organizations are highly advised to make sure their anti-ransomware solutions are up to date and that they have reliable data backup systems in place to reduce the associated risks.