Fastest ransomware found to encrypt 53GB of data in just over four minutes

Humza

Posts: 1,008   +170
Staff member
Why it matters: For IT admins and cybersecurity teams, a ransomware attack is a crucial race against time to detect and contain damage while salvaging what's left of a company's data assets. But how much reaction time is there when such an incident occurs? Not a lot, it seems, as revealed by ransomware testing of ten candidates, where LockBit led the pack by encrypting nearly 100,000 files on a Windows Server machine in just over four minutes.

The ransomware encryption speed test conducted by Splunk involved ten samples from ten ransomware families, which were run on four different 'victim' profiles. From a total of 400 test runs, a sample from LockBit running on a Windows Server 2019 machine emerged as the fastest ransomware, encrypting all 53GB of test data in just four minutes and nine seconds.

This test data consisted of 98,561 files, comprising PDFs and Excel and Word documents. The tested ransomware ran on Windows 10 and Windows Server 2019 machines and included samples from REvil, Darkside, Babuk, Maze, LockBit, and several others. LockBit not only had the fastest sample, but also came out first overall in terms of median duration.

The interestingly named 'Babuk' ransomware emerged second overall, though it had its reputation spoiled somewhat by having the slowest individual sample that took over three and a half hours for file encryption.

Splunk also shared a whitepaper (requires a business email to download), offering a comprehensive look at this research. As for strategies to adopt in case of a ransomware attack, the company advises using multi-factor authentication, network segmentation, centralized logging, and keeping systems patched.


QuantumPhysics

Posts: 6,308   +7,247
The only surefire way to protect yourself:

#1 Back up your most important files to a portable, detachable portable SSD

#2 Back up your most important files to a NAS

#3 Make a clone of your boot SSD.

As much as I love having "everything" on a single large capacity SSD, I recognize that the maliciousness out there makes that untenable.

I've actually been quite fortunate not to encounter malware or ransomware, but the price of freedom is eternal vigilance.
 

dangh

Posts: 579   +918
So now Darknet auction sites will be pointing to Splunk to advertise their ransomware tools...;)
 

Theinsanegamer

Posts: 3,364   +5,591
> The only surefire way to protect yourself:
>
> #1 Back up your most important files to a portable, detachable portable SSD
>
> #2 Back up your most important files to a NAS
>
> #3 Make a clone of your boot SSD.
>
> As much as I love having "everything" on a single large capacity SSD, I recognize that the maliciousness out there makes that untenable.
>
> I've actually been quite fortunate not to encounter malware or ransomware, but the price of freedom is eternal vigilance.

That works great, unless you have a NAS that gets hit with ransomware. Like us ASUSTOR owners did.

You shouldn't have data on your boot drive anyway. Everything should be backed up on an offline source, like external HDDs. External SSDs sound great but their cold storage time is measured in weeks, HDDs are measured in years. HDDs also give warning before they fail usually, SSDs tend to fail without warning.
 

eforce

Posts: 957   +1,371
External HDD with Windows Backup should be OK for most people; Veeam Backup (free) is a good alternative if Windows Backup gives you issues.
 

netman

Posts: 776   +336
> The only surefire way to protect yourself:
>
> #1 Back up your most important files to a portable, detachable portable SSD
>
> #2 Back up your most important files to a NAS
>
> #3 Make a clone of your boot SSD.

#1 Been doing that for years now... However I have separate OS and Data SSD...!

#2 Don't have NAS, but My OS and Data SSD get backed up separately into an external HDD every week.

#3 Yes, clone the OS boot drive to an external HDD every week...and the external HDD connects to PC only during the backup and cloning...!
 

Athlonite

Posts: 316   +110
95% of malware infections can be attributed to PEBKAC. Educate the user properly and you'll find that percentage will drop. The other 5% can be attributed to slack IT staff not doing their job properly.