According to reports, cyber criminals and malicious groups are using ransomware intermittent encryption technology to bypass cyber security.
Intermittent encryption consists of encrypting only parts of the targeted content, which would still render the data unrecoverable without using a valid decryption key.
As only part of the file is encrypted, the process is much faster and harder to spot, meaning that ransomware detection software can fail to spot such attacks. This is because partially encrypted files may not be regarded as malicious by the software, which usually only recognise attacks on a larger scale where files are fully encrypted.
LockFile, part of the ransomware family, was noted in 2021 as the first known ransomware to use intermittent encryption – it worked by encrypting every 16 bytes of a file. However, since this was reported, several other groups have been found to have deployed this approach.
Other threat actors reported to have used intermittent encryption include Qyick and BlackCat, which are being sought for investigation in lab environments by researchers.
Intermittent encryption poses a huge risk for businesses and individuals alike, as attacks can go virtually undetected, and can be carried out with ease.
Organisations are advised to maintain a secure cyber security system through backups, up to date software, and keeping an eye on the current threat landscape.
If you are concerned about the impact ransomware could have on your business, please contact us at [email protected]
To stay up to date with the latest cyber security news, and gain access to a wealth of resources and support, why not sign up for our free core membership?
The NEBRC is a non-profit organisation that aims to inform, educate, and support businesses across the UK on how to stay safe against online threats and fraud through a strong cyber security strategy.