Newest Ransomware Trend: Attackers Move Faster with Partial Encryption

Cyber Security Threat Summary:
In a recent report from Check Point, it was observed that ransomware actors can rapidly incapacitate systems through partial encryption. You might be wondering, what is partial encryption and why is it effective? Generally, encryption, especially for large data volumes, can be a time-consuming process. Consequently, attackers are seeking more efficient and effective methods to make victims' data inaccessible until the ransom is paid.

Partial encryption, also known as intermittent encryption, has emerged as just one example of increasingly sophisticated attack tactics, often in readily available off-the-shelf ransomware products that are openly sold on the darkweb much like traditional software. Rather than encrypt the entire compromised system, partial encryption does just that: It encrypts a portion of the victim’s files either at random, encrypting a predetermined percentage of the data, as Royal ransomware does, or encrypting only the most important files, as determined by fingerprinting: financial documents, photos, and personal information. Ransomware can also selectively encrypt files related to a particular project or task, bringing it to its knees until payment is made.

Security Officer Comments:
According to the report, several high-level ransomware groups have adopted this new method, making their attacks more effective. The report specifically highlights five key groups: Chernovite, Bentonite, ALPHV/BlackCat, and Hive. These groups have targeted a significant number of victims and continue to pose substantial threats across various industry sectors. These groups have found that using methods to identify the most crucial files and systems and targeting them first useful for conducting attacks. They have also realized that making files and systems inoperable doesn't necessarily require encrypting them entirely, 100%.

Suggested Correction(s):
It's of utmost importance that we continue sharing news about ransomware attacks and the tactics used by cybercriminals with our members. This proactive approach can give organizations the necessary time to respond and swiftly adjust their security measures. Ransomware, due to its profitability, is unlikely to disappear anytime soon. Leaders can leverage such instances to advocate for more robust security controls and budget allocations, enabling effective data replication and backup procedures to ensure the timely restoration of services in line with business continuity plans.