Lockbit Beats Conti and Ryuk in Encryption Speed Test

Putting ransomware to the test

• The study conducted by Splunk involved 10 samples each of 10 ransomware families.
• The ransomware families included Avaddon, Babuk, BlackMatter, Conti, DarkSide, LockBit, Maze, Mespinoza (PYSA), REvil, and Ryuk. 
• These samples were executed on four hosts - two running Windows 10 and the other two running Windows Server 2019.
• After execution, the researchers measured the time the ransomware families took to encrypt nearly 100,000 files with a total size of approximately 54 GB. 
• The results showed that LockBit was the fastest with 5 minutes and 50 seconds, followed by Babuk at 6 minutes and 34 seconds.
• The notorious Conti encrypted files in just under an hour.
• Maze and Mespinoza were the slowest ones, taking around two hours to encrypt files.
• The average time across all strains was 43 minutes. According to researchers, forty-three minutes is an extremely limited window of opportunity for mitigation, considering the previous studies that found that the average time to detect compromise is three days.

Other insights

• The analysis also showed that only some ransomware takes advantage of better hardware to speed up the encryption process. 
• One of these factors is related to the storage disk speed. The better is the storage disk speed, the faster is the encryption process. 
• The report also highlighted that some families utilized increased system resources such as CPU time as part of the encryption process. 

The bottom line