It takes just five minutes for one of the most prolific forms of ransomware – or ransomware – to encrypt 100,000 files, showing how quickly ransomware can become a major cybersecurity crisis for an attack victim. Splunk researchers tested how quickly 10 major ransomware strains encrypted data. Their results are frightening to say the least.
The LockBit ransomware immediately stands out as the fastest. It only takes a median time of just 5 minutes and 50 seconds to encrypt 100,000 files. In one of the tests conducted by Splunk, LockBit only took 4 minutes and 9 seconds to encrypt 53.83 GB files on different Windows operating systems and hardware specifications. LockBit is, let’s remember, one of the most prolific forms of ransomware in 2022.
The authors of this ransomware even bragged about bringing the fastest form of ransomware to life. Analysis by Splunk researchers seems to show that the bragging of cybercriminals is sadly accurate.
BitLocker in pole position
Ransomware is one of the most significant cybersecurity issues facing organizations today. Hackers break into networks before encrypting files and servers and demanding ransom payment for the decryption key. These ransom demands can run into the millions of dollars and many of them come with an added layer of extortion, with threats of releasing the stolen data if the ransom is not paid.
Among the ransomware variants tested, the median average file encryption time in the sample was 42 minutes and 52 seconds. If LockBit was the fastest in encrypting files, Babuk ransomware is not far behind, with a median time of 6 minutes and 34 seconds to encrypt data. It took Avaddon ransomware a median time of 13 minutes and 15 seconds to encrypt data, compared to 14 minutes and 30 seconds for Ryuk and 24 minutes and 16 seconds for REvil – one of the most prolific ransomware groups in 2021.
BlackMatter ransomware took 43 minutes and 3 seconds to encrypt files, Darkside – famous for the Colonial Pipeline ransomware attack – took 44 minutes and 52 seconds and Conti – known for a series of high-profile incidents – put a median time of 59 minutes and 34 seconds to encrypt the 54 GB of test files. Maze and PYSA ransomware are the slowest to encrypt files, each taking 1 hour and 54 minutes to do so.
parades exist
Although the slowest cipher takes almost two hours longer than the fastest, that’s still not a significant amount of time – and it could easily go unnoticed until it’s too late if cybercriminals triggered the attack. ransomware attack during non-working hours, such as at night or on weekends. Either way, it’s hard to prevent a ransomware attack once the encryption progression has already begun – which means the best form of defense against ransomware is to secure the network from the start.
Two of the most common techniques used by cybercriminals to compromise networks for ransomware attacks are exploiting weak or compromised passwords for remote desktop protocols and taking advantage of unpatched vulnerabilities in software.
It is therefore essential to encourage users to use strong passwords for their accounts in order to avoid any compromise, and to accompany them with multi-factor authentication as an additional barrier against attacks. Information security and IT departments need to know what is on their networks and who is on them, so they can patch emerging vulnerabilities and identify potentially suspicious activity before a large-scale attack can take place. be launched.
Source: ZDNet.com