- Apr 24, 2016
Researchers have conducted a technical experiment, testing ten ransomware variants to determine how fast they encrypt files and evaluate how feasible it would be to timely respond to their attacks.
Ransomware is malware that enumerates the files and directories on a compromised machine, selects valid encryption targets, and then encrypts the data, so it is unavailable without a corresponding decryption key.
This prevents the data owner from accessing the files, so ransomware attacks are either carried out for data destruction and operational disruption or financial extortion, demanding the payment of a ransom in return for a decryption key.
How fast a device is encrypted is important, as the quicker it is detected, the less damage is done, and the volume of data needing to be restored is kept to a minimum.
The "winner," and the most lethal strain in response time margins was LockBit, achieving an average of 5 minutes and 50 seconds. The fastest LockBit variant encrypted 25,000 files per minute.
LockBit has long bragged on their affiliate promotion page that they are the fastest ransomware for encrypting files, releasing their own benchmarks against over 30 different ransomware strains.
The once-prolific Avaddon achieved an average of just over 13 minutes, REvil encrypted the files in about 24 minutes, and BlackMatter and Darkside completed the encryption in 45 minutes.
On the slower side, Conti needed almost an hour to encrypt the 54 GB of test data, while Maze and PYSA finished in nearly two hours.