New Technique to Fool Ransomware Protection

A novel ransomware technique called “intermittent encryption” has emerged. It compromises Windows Servers using malware that scrambles every alternate 16 bytes of a file, which allows it to evade ransomware defences. The technique, called LockFile, is effective against software that relies on inspecting content using statistical analysis to detect encryption. It also terminates processes associated with virtualization software and databases via the Windows Management Interface, then encrypts critical files, and displays a ransomware note that is stylistically similar to LockBit 2.0. It is programmed to delete itself from the system after encrypting all the documents on the machine, leaving no ransomware binary for incident responders or antivirus software to find or erase.