Ransomware Can Encrypt 100,000 Files in Minutes

pcmag.com:

Splunk has tested some of the most common ransomware to see how quickly they can encrypt 53GB worth of files after infecting a system, and it turns out the answer is "pretty quickly."

The company says it loaded up four machines running Windows 10 or Windows Server 2019 with "98,561 test files (pdf, doc, xls, etc.) from a public file corpus." It then measured how long it took 10 samples of 10 popular ransomware families to encrypt all of those files on each system.

So what ransomware family is the fastest? Splunk's testing reveals that it's LockBit, one sample of which encrypted all 53GB worth of data on a Windows Server 2019 machine in just four minutes and nine seconds, with a median time-to-encryption of five minutes and 50 seconds.

Here are the median results for all of the ransomware families Splunk tested:

That means it takes most ransomware less than an hour to encrypt 53GB worth of data after it's deployed. But the attackers would likely be on the network longer as they attempted to compromise as many systems as possible and determine what data they could access.

"Ultimately, this research demonstrates the need for organizations to move away from response and mitigation," Splunk distinguished security strategist Ryan Kovar says in a blog post about the company's findings, "and concentrate on preventing ransomware infections."

The full whitepaper detailing Splunk's findings, "An Empirically Comparative Analysis of Ransomware Binaries," can be downloaded from the company's website.

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our