- SentinelLabs has reported on a new technique, intermittent encryption, that some ransomware groups are now adopting.
- Intermittent encryption encrypts only parts of the target files; the files still become inaccessible, but encryption takes far less time.
- Some ransomware groups have already adopted the technique, including Black Basta, ALPHV, PLAY, Agenda, and Qyick; security researchers expect more to follow.
Ransomware gangs are becoming more and more aggressive, and they are causing many problems for their targets. They also keep innovating while the cybersecurity industry tries to catch up with them. Now, it seems they have a revolutionary new technique that will further annoy their targets.
Higher speed, lower noise
The new technique consists of partially encrypting the files on the target system. According to the report from SentinelLabs, intermittent encryption gives ransomware operators two key improvements: better performance and evasiveness.
Intermittent encryption simply encrypts some portions of each target file and leaves the remaining portions unencrypted. The target file still becomes inaccessible, and the encryption process completes much faster because it does not need to rewrite the whole file. According to the researchers, this also makes the ransomware more evasive, since it requires less activity on the storage devices.
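For defenders, partial encryption leaves a recognizable shape inside a single file: high-entropy blocks sitting next to untouched low-entropy ones. The following is an added example, not code from SentinelLabs or this article, that profiles a buffer block by block; the 4096-byte block size, both thresholds, and the sample buffers are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096   # analysis block size in bytes (assumption, not from the report)
HIGH = 7.5     # bits/byte at or above which a block looks encrypted or compressed
LOW = 6.0      # bits/byte at or below which a block looks like ordinary data

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def block_profile(data: bytes, block: int = BLOCK) -> list:
    """Entropy of each full block; a short tail is skipped because small
    samples under-report entropy and would look falsely 'plain'."""
    full = len(data) - len(data) % block
    return [shannon_entropy(data[i:i + block]) for i in range(0, full, block)]

def classify(data: bytes) -> str:
    """'partial' = high- and low-entropy blocks in one file, 'uniform-high' =
    every block high (fully encrypted or compressed), otherwise 'plain'."""
    profile = block_profile(data)
    high = sum(e >= HIGH for e in profile)
    low = sum(e <= LOW for e in profile)
    if high and low:
        return "partial"
    if profile and high == len(profile):
        return "uniform-high"
    return "plain"

def constructed_random(n: int) -> bytes:
    """Constructed stand-in for ciphertext: deterministic hash output."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

def constructed_samples() -> dict:
    """Three constructed 64 KiB buffers; no real files are read or written."""
    text = (b"Quarterly report: revenue, costs and forecast by region. " * 1200)[:16 * BLOCK]
    noise = constructed_random(16 * BLOCK)
    # Every other block replaced with high-entropy bytes, the rest untouched.
    mixed = b"".join((noise if i % 2 else text)[i * BLOCK:(i + 1) * BLOCK]
                     for i in range(16))
    return {"plain": text, "full": noise, "mixed": mixed}

if __name__ == "__main__":
    for name, buf in constructed_samples().items():
        print(name, classify(buf), [round(e, 1) for e in block_profile(buf)][:4])
```

Legitimate formats that embed compressed streams among plain structures can also produce a mixed profile, so treat a "partial" result as a triage signal to correlate with other evidence such as mass file modification, not as a verdict.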
RaaS groups promote intermittent encryption
Currently, some ransomware groups, including Black Basta, ALPHV/Black Cat, PLAY, Agenda, and Qyick, are adopting the new method. Qyick has also posted an announcement on a hacker forum promoting the intermittent encryption feature and its speed.
SentinelLabs has also shared an example of a file partially encrypted by Black Basta.
Security analysts state that this technique has no downsides and that more ransomware gangs will adopt it soon. Ransomware attacks can now be completed in a few minutes with less activity on storage devices, making them a bigger threat.