Disaster Recovery Journal Spring 2025

n Knowing the email system used allows hackers to exploit known vulnerabilities to enter the organization. n Once inside, knowing who works at an organization

they often demand ransoms of more than $1 million from large organizations. This has resulted in ransomware vic tims paying out more than $1 billion in 2023, with 2024 on pace to exceed this amount. Adding insult to injury, organizations receive no guar antees paying the ransom will achieve the desired results. The decryption key provided may not work, or the hacker may still release or sell the stolen data. In either case, ransomware incurs substan tial, unexpected costs without ensuring a successful resolu tion.

This technique has the same net effect as encrypting an entire file, making it unread able and unusable. However, intermittent encryption incurs less system overhead since it only encrypts small chunks of each file. In doing so, inter mittent encryption may evade common methods used to detect ransomware. These evolving attack meth ods have decreased the effective ness of perimeter cybersecurity solutions in detecting ransom ware. This puts the onus on organizations to identify solu tions that can help detect these customized, harder-to-find ran somware strains.

Intermittent Encryption Knowing that hackers develop ransomware specific to their organization repre sents only part of the threat. Hackers know that organiza tions can detect and recover from ransomware that deletes or encrypts all production data. This has prompted hackers to make ransomware more diffi cult to detect. Some ransomware strains employ an algorithm that encrypts data at a very granu lar level. Known as intermit tent encryption, it does not encrypt entire files. Instead, it only encrypts components of a file as small as 16 bytes.

permits ransomware to attempt access to applications using their credentials.

n Understanding the

technologies an organization uses enables ransomware to target specific application vulnerabilities and login credentials. Hackers take time to research specific organiza tions because, if successful,

28 DISASTER RECOVERY JOURNAL | SPRING 2025