According to one research study, the speed of malware encryption is so high that prevention would make more sense than mitigation.

Research has been released indicating that major ransomware strains such as LockBit, REvil and BlackMatter can encrypt nearly 100,000 files totaling 53.93GB in 42 minutes and 52 seconds.

At this rate, a successful ransomware infection can leave organizations without access to critical IP, employee information and customer data.  

When it comes to ransomware infections, many security teams focus on mitigation and response. However, if the rate of ransomware encryption found in the research is realistic, it may be safe to say that once an enterprise is hit with a ransomware attack, it may be too late to stop it from spreading, as the encryption speed is faster than most organizations can manage.

Other findings in the research by SURGe include:

  • Encryption speeds vary between ransomware variants: Individual ransomware samples varied greatly in encryption speed, ranging from four minutes to three-and-a-half hours.
  • LockBit outpaced the pack: The ransomware-as-a-service (RaaS) malware was the fastest variant to encrypt on any system, with speeds 86% faster than the median. The fastest LockBit sample encrypted just under 25K files per minute.
  • Performance of identical ransomware strains can vary across systems: Higher-performance hardware capabilities provided most ransomware samples with faster encryption speeds, but some samples and variants appeared unable to take advantage of multi-threaded processors.
    • Additional memory did not appear to have a significant effect on any samples.
    • Higher disk speeds may play a role in faster encryption, but most likely in combination with a variant that can take advantage of additional CPU cores.

This research may convince organizations to move away from response and mitigation, and to concentrate on preventing ransomware infections through better patching regimes, asset inventory, multi-factor authentication and automated solutions.