LockFile ransomware uses intermittent encryption to evade detection

A new ransomware threat called LockFile has been victimizing enterprises worldwide since July. Key to its success are a few new tricks that make it harder for anti-ransomware solutions to detect it.

The threat uses what researchers from antivirus vendor Sophos call “intermittent encryption,” meaning it encrypts only chunks of data inside a file instead of its complete contents. This significantly speeds up the encryption process (or, more accurately, the data corruption process), and it also tricks ransomware protection systems that rely on statistical analysis to detect potentially unauthorized file encryption.
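To make the statistical point concrete, the following added example (not from Sophos or the original article) compares a whole-file entropy check with a per-window check on constructed in-memory samples. The chunk size, window size, threshold and the SHA-256 stream standing in for ciphertext are all assumptions and do not describe LockFile's actual layout.

```python
import hashlib
import math
from collections import Counter

# Constructed values for the demonstration, not taken from the article.
SIZE, CHUNK, WINDOW, THRESHOLD = 65536, 4096, 1024, 7.5

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0) of the byte-value histogram."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def fake_ciphertext(n: int) -> bytes:
    """Deterministic stand-in for ciphertext: a SHA-256 counter stream."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def overwrite_alternate_chunks(data: bytes, chunk: int = CHUNK) -> bytes:
    """Constructed sample: replace every other chunk with ciphertext-like bytes."""
    stream, out = fake_ciphertext(len(data)), bytearray(data)
    for off in range(0, len(data), 2 * chunk):
        out[off:off + chunk] = stream[off:off + chunk]
    return bytes(out)

def high_entropy_fraction(data: bytes, window: int = WINDOW,
                          threshold: float = THRESHOLD) -> float:
    """Fraction of fixed-size windows whose entropy exceeds the threshold."""
    windows = [data[i:i + window] for i in range(0, len(data), window)]
    return sum(shannon_entropy(w) > threshold for w in windows) / len(windows)

# Constructed samples: a plain-text document, a fully overwritten copy,
# and a copy in which only alternate chunks were overwritten.
LINE = b"Quarterly report: revenue, costs and forecast for the finance team.\n"
ORIGINAL = (LINE * (SIZE // len(LINE) + 1))[:SIZE]
FULL = fake_ciphertext(SIZE)
PARTIAL = overwrite_alternate_chunks(ORIGINAL)

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("full", FULL), ("partial", PARTIAL)):
        print(f"{name:8s} whole-file={shannon_entropy(blob):.2f} "
              f"windows>{THRESHOLD}={high_entropy_fraction(blob):.2f}")
```

The partially overwritten sample stays under the whole-file threshold while half of its windows exceed it. The per-window check only sees encrypted runs that are at least as long as the window.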
