The ransomware encryption speed test conducted by Splunk involved ten samples from ten ransomware families, which were run on four different ‘victim’ profiles. From a total of 400 test runs, a sample from LockBit running on a Windows Server 2019 machine emerged as the fastest ransomware, encrypting all 53GB of test data in just four minutes and nine seconds. This test data consisted of 98,561 files, comprising pdfs, and excel and word documents. Meanwhile, the ransomwares were tested on a Windows 10 and Windows Server 2019 machine and included samples from REvil, Darkside, Babuk, Maze, LockBit, and several others. LockBit not only had the fastest sample, but also came out first overall in terms of median duration.
The interestingly named ‘Babuk’ ransomware emerged second overall, though it had its reputation spoiled somewhat by having the slowest individual sample that took over three and a half hours for file encryption. Splunk also shared a whitepaper (requires a business email to download), offering a comprehensive look at this research. As for strategies to adopt in case of a ransomware attack, the company advises using multi-factor authentication, network segmentation, centralized logging, and keeping systems patched.
