"Fastest Ransomware Encrypts 100k Files in Four Minutes"

A new study by researchers at Splunk has found that network defenders have just 43 minutes to mitigate ransomware attacks once encryption has begun.  The security monitoring and data analytics vendor evaluated the speed at which 10 ransomware variants encrypt data.  The researchers executed 10 samples of each of the 10 variants on four hosts, two running Windows 10 and the other two running Windows Server 2019.  The researchers then measured the speed at which the ransomware encrypted nearly 100,000 files, totaling almost 53GB.  LockBit came out fastest, with speeds 86% faster than the median of 43 minutes.  The fastest LockBit sample encrypted 25,000 files per minute.  The researchers stated that there was a significant variation in speeds between the fastest, which took just four minutes in total, and the slowest variant, which took 3.5 hours.  In order of fastest first, the variants analyzed by Splunk were: LockBit, Babuk, Avaddon, Ryuk, REvil, BlackMatter, DarkSide, Conti, Maze, and Mespinoza (Pysa).  The researchers stated that it may prove to be extremely difficult, if not impossible, for the majority of organizations to mitigate a ransomware attack once the encryption process begins.  The researchers argue that organizations must focus more of their efforts on prevention by spotting the warning signs of a ransomware compromise earlier on.

Infosecurity reports: "Fastest Ransomware Encrypts 100k Files in Four Minutes"