Security News > 2022 > March > Ten notorious ransomware strains put to the encryption speed test
Researchers have conducted a technical experiment, testing ten ransomware variants to determine how fast they encrypt files and evaluate how feasible it would be to timely respond to their attacks.
Ransomware is malware that enumerates the files and directories on a compromised machine, selects valid encryption targets, and then encrypts the data, so it is unavailable without a corresponding decryption key.
During these tests, the researchers evaluated the encryption speed against 98,561 files totaling 53GB using various tools, such as native Windows logging, Windows Perfmon statistics, Microsoft Sysmon, Zeek, and stoQ. The host system hardware and OS configurations varied to reflect a realistic corporate network setting, and the analysts measured all encryption times and derived the median speed of encryption for each variant.
The total median time for all 100 different samples of the ten ransomware strains on the test rigs was 42 minutes and 52 seconds.
LockBit has long bragged on their affiliate promotion page that they are the fastest ransomware for encrypting files, releasing their own benchmarks against over 30 different ransomware strains.
Since most ransomware groups hit during weekends when the IT teams are understaffed, most encryption attempts are completed successfully, so the time for encryption shouldn't be a significant consideration for defenders.