

Security researchers at Splunk Inc. have studied how quickly common forms of ransomware can encrypt 100,000 files, and the results are disturbing for companies trying to respond and mitigate attacks.
Studying 10 major ransomware strains, including Lockbit, REvil and Blackmatter, the researchers found that the median ransomware variant can encrypt 100,000 files totaling 53.93 gigabytes in 42 minutes and 52 seconds.
But not all ransomware strains are equal. The fastest encryption time recorded was from the infamous Lockbit ransomware, which could encrypt 100,000 files in 5:20, or just under 25,000 files per minute.
Babuk ransomware ranked second, taking 6:34 to encrypt 100,000 files, followed by Avaddon at 12:15, Ryuk at 14:40 and REvil at 24:16. By comparison, the slowest ransomware in the top 10 studied, Mespinoza (PYSA), took 1:54:54.
The difference in speed is related to how varying forms of ransomware can take advantage of targeted hardware. Improved hardware capabilities on targeted systems allowed some ransomware to act rapidly, while other variants were unable to take advantage of improved resources and at times performed worse on systems with higher specifications.
Memory did not significantly affect the encryption speed for any of the samples. Higher disk speeds were found to play a possible role in faster execution, but likely in combination with a variant that can take advantage of additional processor cores.
The researchers argue that although security teams focus on mitigation and response when it comes to ransomware infections, the encryption speeds are beyond the capabilities of most organizations. They note that, based on this research, if an enterprise is hit with a ransomware attack, it may be too late to stop it from spreading.
“This research demonstrates the need for organizations to move away from response and mitigation, and concentrate on preventing ransomware infections,” the researchers conclude. “Practical steps and strategies organizations can take to prevent infections can include better patching, asset inventory, multifactor authentication and looking for ransomware actors on the network before they deploy their ransomware binaries.”