Lockbit turned out to be the fastest ransomware virus

Lockbit turned out to be the fastest ransomware virus – almost 25,000 files per minute

Analysts from the data processing company Splunk learn the speed of the most common ransomware programs. The record holder was the Lockbit algorithm, which encrypts almost 25,000 files per minute.

Image Source: Pete Linforth / pixabay.com

Image Source: Pete Linforth / pixabay.com

Several ransomware families were examined as test subjects, including Lockbit, Conti, and Revil. The effectiveness of the malware varied widely, but the median for encrypting around 100,000 files with a total volume of 53.93 GB was 42 minutes and 52 seconds. The Lockbit algorithm was the fastest – 86% faster than the median; The most efficient example program encrypts almost 25,000 files in less than a minute. The authors of the project are convinced that the results of the study are not only of statistical interest – the data can be used to optimize protection against ransomware. The company promised to publish the report in a dedicated section of its website.

As part of the study, experts selected the 10 most common ransomware families and took 10 copies of binaries in each of them. Private areas on Amazon Web Services were chosen as the test location, where all malware samples were run on four hosts: two running Windows 10 and two running Windows Server 2019. All performance telemetry was streamed to a central instance for further analysis.

Ransomware families were selected from the VirusTotal database based on their prevalence over the past two years. The “finalists” were LockBit, Babuk, Avaddon, Ryuk, REvil, BlackMatter, Darkside, Conti, Maze, and Mespinoza. The average runtime of LockBit ransomware was the shortest of all – it was 5 minutes and 5 seconds. It is noteworthy that this time practically did not depend on the configuration of the virtual machine. The result turned out to be logical, since the LockBit malware family encrypts only 4 KB of each file, violating the integrity of the data, and then moving on to the next, while the rest of the representatives of this “zoo” encrypts the entire files, which, predictably, takes longer . The Mespinoza family was the slowest with an average time of just under 2 hours.


About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment