According to a study conducted by security firm SentinelOne, ransomware spreading hackers are adopting a new encryption standard named ‘Intermittent Encryption’ while targeting victims. And as per the update, now available on the company’s blog post, the new data locking technique is being embraced by more buyers and affiliates as they find it innovative and VFM.
Intermittent Encryption is nothing but locking down files on a partial note and at a great speed that also helps in being detected. For instance, if suppose, a 1GB file is targeted. The hacker locks down the file in parts and with great accuracy and speed.
Since there are no intense IO operations, the anti-malware solutions cannot detect the activity, thus failing in its true aim of inception.
SentinelOne researchers state that some ransomware spreading gangs such as Black Basta, ALPHV, PLAY, Agenda and Qyick are advertising their RaaS operations by advertising that their malware has the ability of intermittent encryption.
And FYI, LockFile spreading ransomware gang were the first to use such a new technique, and with time, the threat actors learnt to encrypt over 100,000 files or 53GB of data in just 4 minutes.
NOTE 1- Typically, hackers encrypt all the data on the database and lock it down from access until a ransom is paid. But with intermittent encryption on the rise, the complexity of such ransomware activities might encourage the victims to pay up for the decryption key.
NOTE 2- American Technology Giant Microsoft has released a press update urging all internationally active businesses to stay vigilant about ransomware attacks being conducted by an Iranian Hacking Group named ‘Phosphorous’. The Windows OS giant reiterated the fact that the functions of this notorious criminal gang was to exploit vulnerabilities and take hold of the systems, mostly through moonlighting.