• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

How Fast Does Ransomware Encrypt Files?

Research from Splunk suggests some ransomware groups have an encryption speed of mere minutes, with LockBit being the fastest.

March 25, 2022 Zachary Comeau Leave a Comment

Andrey Popov/stock.adobe.com

For IT and cybersecurity professionals, ransomware has been the scourge of the earth over the last two years, as the cybercrime economy continues to grow and beat system administrators and network defense pros to the point of attack.

One reason for the difficulty in preventing and responding to ransomware attacks is the speed with which ransomware groups encrypt files and lock users out, with some ransomware families taking just a handful of minutes to encrypt nearly 100,000, according to new research released by IT management software company Splunk.

In a research blog and whitepaper, the San Francisco, Calif. firm analyzed 10 of the most popular ransomware variants and measured the speed at which the malware encrypted 53 GB of data, discovering that the average of the median to be just eight seconds shy of 43 minutes.

Further, all 10 of the most popular ransomware strains can encrypt the same amount of data in less than two hours, which highlights the importance of detection and response in the IT department’s software and competencies.

Splunk said its analysis came after the LockBit ransomware group posted a table on its Tor site listing ransomware encryption speeds for more than 30 ransomware variants, with LockBit 2.0 and LockBit making up the top two fastest to encrypt 100 GB at 4 minutes and 28 seconds and 6 minutes and 16 seconds, respectively.

“We couldn’t leave it to LockBit’s marketing team to only release content like this, so we rolled up our sleeves and got busy building an environment that would allow us to conduct our own ransomware speed tests,” Splunk said in a blog describing the project.

Using the Attack Range project created by Splunk researchers, the company created four victim profiles consisting of Windows 10 and Windows Server 2019 operating systems, each with two different performance specs benchmarked from customer environments. Ten samples each from 10 different ransomware families were chosen to be tested along with the Microsoft Defender detection identifiers from Virus Total.

Samples were tested across the four host profiles, amounting to 400 different ransomware runs. Using native Windows logging, Windows Perfmon statistics, Microsoft Sysmon, Zeek and stoQ, researchers measured the encryption speed of each variant.

Splunk’s analysis confirmed that the  LockBit ransomware is in fact the fastest strain, with a median encryption duration of five minutes and 50 seconds. However, LockBit also recorded the fastest sample, coming in at four minutes and nine seconds.

Babuk, meanwhile, was the second fastest, with a median duration of six minutes and 34 seconds, and also the only other variant analyzed with a median duration of under 10 minutes.

The research found that all of the 10 most popular ransomware variants have a median encryption duration of under two hours, and eight logged a median duration under one hour.

Since ransomware can encrypt files in the blink of an eye, Splunk suggests organizations start looking “left of boom,” and assess capabilities to prevent or detect the ransomware’s behavior.

The company also calls on IT admins and security professionals to adopt what are now baseline cybersecurity strategies, including multi-factor authentication, network segmentation, patching and centralized logging.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Cybersecurity, LockBit, ransomware, Splunk

Related Content:

  • AI Automation burnout What is It About AI That Brings Excitement,…
  • A woman on a videoconference call, AI, videoconferencing AI’s Revolutionary Impact on the Videoconferencing Experience
  • People using Jabra videobar with Microsoft Intelligent Speaker feature. Jabra Integrates Microsoft Intelligent Speaker Feature in its…
  • Shure logo Shure Microflex Advance MXA920 & MXA902 Receive Google…

Free downloadable guide you may like:

  • Creating Great User Experience and Ultimate Flexibility with Clickshare

    Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When designing the office spaces – and meeting spaces in particular – enabling that connection between co-workers is crucial. Introducing the right collaboration technology in meeting spaces is the biggest challenge for IT managers […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Advertise with Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSDO NOT SELL MY PERSONAL INFORMATIONTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.