Ransomware gangs using clever new technique to dance past security protections

News
By published

Intermittent encryption is quickly gaining fame

Representational image of a cybercriminal
Image Credit: Pixabay (Image credit: Pixabay)

Ransomware operators have come up with a new encryption method that makes locking files faster, and less likely to be noticed by antivirus and other cybersecurity solutions, researchers have found.

According to experts from SentinelLabs, a rising number of ransomware operators (including Black Basta, BlackCat, PLAY, and others) have started adopting a process called “intermittent encryption”, encrypting files partially, instead of completely. 

That way, the files are still rendered useless (unless the owners get a decryption key), but the encryption process takes significantly less time, with researchers adding they expect more groups to adopt the technique in the future.

Multiple approaches

Different groups approach intermittent encryption differently. Some will only encrypt the first few bytes of a file. Others will offer multiple choices, leaving it up to the ransomware deployers to decide. Some will break the files into multiple chunks, and encrypt only some of them. But whatever option they choose, they’re all equally dangerous, as this technique also helps them avoid endpoint protection tools, as well. 

As explained by the researchers, when looking for malware, automated detection tools look for intense file IO operations. As intermittent encryption isn’t that intense, it can often fly under the radar.

The only possible downside to the technique is that encrypting files partially might make it easier for the victims to recover them. 

Read more

> Microsoft sounds the alarm over dangerously simple ransomware kits

> You're a ransomware victim: Here's 5 things you should do

> Check out the best security keys around

Despite some researchers claiming ransomware’s losing steam, due to businesses deciding not to pay up, and opting for protections and backups instead, some threat actors are still quite active. Only last week, news broke of all schools in Los Angeles suffering such an attack, affecting 26,000 teachers and 600,000 students. It prompted the attention of the White House itself, alerting the Department of Education, the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
ransomware avast
AI is helping hackers get access to systems quicker than ever before
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
AWS S3 feature abused by ransomware hackers to encrypt storage buckets
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Interlock ransomware attacks highlight need for greater security standards on critical infrastructure
Ransomware attack on a computer
Ransomware attacks surged in 2024 as hackers looked to strike faster than ever
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Less than half of ransomware incidents end in payment - but you should still be on your guard
A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
China government-linked hackers caught running a seriously dangerous ransomware scam
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The iPhone 16 Pro Max and Samsung Galaxy S25 Ultra

5 things I want from the iPhone 17 – or I’m out and back to Android
See more latest
Most Popular
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space