CYBERSECURITY
compliance reporting , and closely observe any unusual behaviours that may indicate an intruder in your network ,” adds Higgins .
The future of ransomware Ransomware attacks are constantly evolving in complexity , scope and scale and , recently , a new trend has emerged : intermittent encryption .
“ Intermittent encryption is when ransomware forgoes encrypting the entirety of every file , instead only encrypting part of each file , often blocks of a fixed size or only the beginning of targeted files ,” concludes Higgins .
There are several reasons attackers choose intermittent encryption over full encryption , according to Higgins : “ The most obvious is speed : because files are only partially encrypted , intermittent encryption requires less time spent on each file , allowing the ransomware to impact more files in less time . This means that even if the ransomware is stopped before running to completion , more files will be encrypted , creating a more significant impact and making it more likely the ransomware will end up damaging critical files .
“ Additionally , some security solutions make use of the amount of content being written to disk by a process in their heuristics to identify ransomware . With intermittent encryption , less content is written , and , therefore , there is a smaller chance that ransomware will trigger such detections .
“ Intermittent encryption starts to blur the line between corrupting files and making files truly unusable . However , because the malware can end up leaving a large portion of the files unencrypted , there are – fortunately – tools available that can extract data from the non-encrypted parts of the files and recover some of the unencrypted data .”
46 July 2023