This article has been indexed from CSO Online
Cyber criminals, always a clever lot, have found a new way to evade detection when deploying malware.
It’s known as “intermittent encryption” and researchers from Sophos recently discovered Lockfile encrypts alternate bundles of 16 bytes in a document to stay hidden. This novel approach helps the ransomware to avoid triggering a red flag because the new encryption method looks statistically very similar to the unencrypted original.
“They don’t encrypt entire files, they do 16 bytes and then skip 16 bytes. This messes with g-squared process,” says Mark Loman, Director, Engineering, for Next-Gen Technologies at Sophos.
This is the first time that Sophos researchers have seen this approach used in ransomware.
Read the original article: BrandPost: Novel Encryption Technique Helps Lockfile Ransomware Hide in Plain Sight