Ransomware continues to evolve and adapt its methods, making attacks more effective and harder to detect. In 2024, two major trends have emerged: intermittent encryption and data theft. These techniques enable cybercriminals to refine their strategies and exert additional pressure on victims. Let’s take a look at how both are redefining the ransomware landscape.
Intermittent encryption: an optimized attack technique
One of the most striking trends of 2024 is the adoption of intermittent encryption by ransomware groups. Unlike traditional methods, in which each of a victim’s files was encrypted in full, intermittent encryption involves encrypting only a portion of each file. It may seem counter-intuitive, but this approach offers several advantages to cybercriminals.
Faster attacks
Firstly, it speeds up the attack. Encrypting large files can be time-consuming and may alert security systems before the entire data set is locked. By partially encrypting files, attackers can finish the process much more quickly, maximizing their chances of success before the organization’s automated defenses kick in.
Evasion of detection systems
Another advantage of intermittent encryption is that it evades detection systems that monitor sudden, massive changes in file signatures. Since only small segments are modified, these systems may not immediately recognize that an attack is underway, allowing the ransomware to go undetected. This subtlety makes ransomware harder to spot and, consequently, more dangerous.
Impact on file recovery
From the victim’s point of view, although the file is not completely encrypted, it still becomes unusable. Partial encryption is sufficiently destructive to block access to data, forcing companies to consider paying ransom or turning to complex and costly recovery options.
Data theft: a double threat
Alongside file encryption, another technique has become widespread: data exfiltration, in which cybercriminals also steal sensitive information belonging to their victims. This process offers attackers a number of strategic advantages and makes negotiations more difficult for victims.
Increased pressure on victims
With data theft, cybercriminals can threaten to disclose or sell sensitive information if the ransom is not paid. This puts considerable pressure on businesses, which risk not only losing access to their files, but also seeing their sensitive data or that of their customers made public. Consequences can include legal action, loss of customer confidence, or damage to the company’s reputation.
A lucrative alternative
This method represents a lucrative alternative to the traditional ransomware model based solely on encryption. By exploiting the fear of disclosure of confidential data, attackers increase their bargaining power. In some cases, the mere threat of disclosure is enough for victims to pay, even if they have managed to restore their systems via backups. In this way, ransomware groups maximize their chances of profit by doubling their leverage.
The evolution of ransomware in 2024: a challenge for cybersecurity
Trends such as intermittent encryption and data theft underline the rapid evolution of ransomware and the ingenuity of cybercriminals in circumventing existing security measures. In response, companies and individuals need to adjust their cybersecurity strategy accordingly.
Proactive prevention
It is becoming more crucial than ever to strengthen detection mechanisms and invest in systems capable of identifying malicious activity even in the case of minor file modifications. Advanced security solutions, such as behavioral analysis tools and AI-based intrusion detection systems, are becoming indispensable in the fight against these new forms of ransomware.
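One way to catch the minor file modifications described above, as an added example that is not part of the original article: compare each block of a file against a baseline copy instead of scoring the file as a whole. The use of Shannon entropy, the block size, the thresholds, and the sample data are all assumptions made for illustration.

```python
import math
import random
from collections import Counter

BLOCK = 4096        # assumed analysis block size in bytes
HIGH_ENTROPY = 7.5  # assumed bits-per-byte level treated as "looks encrypted"
MIN_JUMP = 2.0      # assumed minimum rise over the baseline block

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def whole_file_alert(data: bytes) -> bool:
    """Coarse check: a single entropy value for the whole file."""
    return entropy(data) >= HIGH_ENTROPY

def changed_blocks(before: bytes, after: bytes) -> list:
    """Indices of blocks that went from ordinary to ciphertext-like entropy."""
    flagged = []
    for i in range(0, min(len(before), len(after)), BLOCK):
        old, new = entropy(before[i:i + BLOCK]), entropy(after[i:i + BLOCK])
        if new >= HIGH_ENTROPY and new - old >= MIN_JUMP:
            flagged.append(i // BLOCK)
    return flagged

def build_sample(blocks: int = 64, stride: int = 8):
    """Constructed data: a log-like buffer, and a copy in which every
    `stride`-th block holds random bytes standing in for ciphertext."""
    line = b"2024-05-01 12:00:00 INFO user=alice action=read file=report.docx\n"
    size = blocks * BLOCK
    before = (line * (size // len(line) + 1))[:size]
    rng = random.Random(2024)  # fixed seed so the sample is reproducible
    after = bytearray(before)
    for b in range(0, blocks, stride):
        after[b * BLOCK:(b + 1) * BLOCK] = bytes(rng.getrandbits(8) for _ in range(BLOCK))
    return before, bytes(after)

if __name__ == "__main__":
    before, after = build_sample()
    print("whole-file entropy before/after: %.2f / %.2f" % (entropy(before), entropy(after)))
    print("whole-file alert:", whole_file_alert(after))
    print("blocks flagged per-block:", changed_blocks(before, after))
```

On the constructed sample the whole-file check stays silent because seven-eighths of the content is unchanged, while the per-block comparison flags exactly the overwritten blocks.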
Backup management
Backup management also becomes essential to guarantee data recovery in the event of an attack. It is important that companies implement regular backup policies, keeping copies offline to prevent them from being compromised in the event of an attack. Backups should be tested regularly to ensure that they can be used effectively in the event of a crisis.
Response to data theft
In the event of data theft, it is crucial to have a response plan in place, including the involvement of the relevant authorities and cybersecurity experts to assess the extent of the theft and advise on the steps to be taken. At the same time, companies must be ready to inform their customers and partners of potential data breaches in accordance with data protection laws, such as the GDPR in Europe.
Conclusion
Ransomware continues to mutate and improve, making protection more challenging for businesses looking to secure their systems and data. Intermittent encryption and data exfiltration are striking examples of how cybercriminals are optimizing their attacks to bypass defenses and maximize profits. In the face of these new threats, it is essential to remain vigilant and constantly adapt cybersecurity strategies to guard against these advanced forms of ransomware.