In just five minutes, one of the most prevalent forms of ransomware encrypts 100,000 files, showing how quickly ransomware can become a major cybersecurity crisis for the victim of an attack.
Splunk researchers tested how quickly ten major ransomware strains encrypt networks – and some were far more effective than others at getting the job done quickly, making them harder to stop.
The fastest form of ransomware is LockBit, which took just 5 minutes and 50 seconds on average to encrypt 100,000 files. In one of the tests, LockBit took only 4 minutes and 9 seconds to encrypt 53.83 GB of files on different Windows operating systems and hardware specifications.
LockBit was one of the most prevalent forms of ransomware in the early months of 2022, and the cybercriminals behind it have boasted that it is the fastest form of ransomware. The researchers' analysis suggests that the cybercriminals' boast is, unfortunately, true.
Ransomware is one of the biggest security problems companies face today. Hackers invade networks, encrypt files and servers, and demand ransom for the decryption key. These ransom demands can run into the millions, and many include an additional level of extortion with the threat of making the stolen data public if the ransom is not paid.
For the tested ransomware variants, the average time it took to encrypt the sample files was 42 minutes and 52 seconds.
While LockBit was the fastest to encrypt files, Babuk ransomware was not far behind with an average encryption time of 6 minutes and 34 seconds.
Avaddon ransomware took an average of 13 minutes and 15 seconds, followed by Ryuk at 14 minutes and 30 seconds, and REvil – one of the most productive ransomware groups of the past year – encrypted the data in an average of 24 minutes and 16 seconds.
BlackMatter ransomware took 43 minutes and 3 seconds to encrypt files, Darkside – known for the Colonial Pipeline ransomware attack – took 44 minutes and 52 seconds, and Conti – known for a number of high-profile incidents – took an average time of 59 minutes and 34 seconds to encrypt the 54 GB of test files. Maze and PYSA were the slowest to encrypt files, taking 1 hour and 54 minutes each.
While the slowest encryption takes almost two hours longer than the fastest, that’s still not a significant amount of time – and it could easily go unnoticed until it’s too late when the cybercriminals launch the ransomware attack outside of working hours, e.g. overnight or at the weekend.
In any case, it’s difficult to prevent a ransomware attack once encryption has already begun – which means the best form of defense against ransomware is to secure the network against it in the first place.
Two of the most common techniques cybercriminals use to compromise networks as a gateway for ransomware attacks are exploiting weak or compromised passwords for remote desktop protocols and exploiting unpatched software vulnerabilities.
It is therefore crucial that users are encouraged to use strong passwords for their accounts to prevent compromise – and this should go hand in hand with multi-factor authentication as an additional barrier against attacks.
Information security and IT departments should be aware of what and who is on their network so they can patch emerging vulnerabilities and spot potentially suspicious activity before a full-scale attack is launched.