In today's digital landscape, data security is of paramount importance. One of the many tools used to secure data is encryption, a process of converting information into an unreadable format to prevent unauthorized access. But what if we take this a step further? Enter, Intermittent Encryption.

Intermittent encryption, as the name suggests, is a process in which data encryption occurs at irregular intervals. It’s a data security technique where data is sporadically encrypted and decrypted as it travels across a network.

It refers to a method utilised by ransomware that doesn't encrypt the entirety of each file, but instead it selectively encrypts segments of each file, often blocks of a uniform size, or merely the initial portions of targeted files.

The surge in intermittent-encryption ransomware incidents can be attributed to its major advantage: enhanced encryption speed.

The task of encrypting an entire enterprise's files can be time-consuming, and with security tools progressively adept at identifying ongoing cyberattacks, intermittent encryption ransomware can affect a larger number of files in a shorter duration by only targeting a portion of the company's data. 

The increasing ubiquity of this form of ransomware is also due to the support of the ransomware-as-a-service (RaaS) sector. This service allows cybercriminals to bypass the complexities of malware coding by simply subscribing to an existing partial encryption ransomware variant. Consequently, the victim count of intermittent encryption ransomware has escalated into hundreds, encompassing sectors such as finance, higher education, and healthcare, causing firms to potentially incur losses amounting to hundreds of thousands of dollars.

Attackers use intermittent encryption as a cloak of invisibility, a means to blend in, and a method to bypass traditional security systems. It's a technique that underlines the ever-evolving complexity of cyber threats and the need for continual advancements in cybersecurity measures. For cyber-criminals, it has significant advantages and fundamentally no downsides which is why more ransomware gangs are adopting this approach. 

Guarding against the unpredictable nature of intermittent-encryption ransomware requires a comprehensive strategy. As it's a complex threat, the approach to combating it should be multi-dimensional.

Ensuring endpoint security products are optimized to differentiate between legitimate and malicious activities is crucial.

Equally as important is the establishment of a defense-in-depth strategy, and a strong cybersecurity culture throughout the organization, to stay ahead of ransomware's constant evolution.

• Regular data backups: One of the most effective ways to reduce the damage from an attack is consistent data backups, ideally stored on media which is disconnected from the network, and which are also encrypted and tested for recovery integrity at least every six months. Whether you use traditional on-premises storage or cloud-based storage, ensuring these locations are immune to ransomware is important. Remember, ransomware can lurk in systems for weeks, infecting both backups and primary data sources.
• System updates and patches: Keeping your software, operating system, and security tools updated is essential to avoid being vulnerable to newly discovered exploits.
• Employee education: Regular training for employees can help them identify phishing scams, maintain strong password hygiene, and adopt safer online habits. Despite advancements in technology, human error is still a primary entry point for cyberattacks.
• Trustworthy software use: Invest in high-quality anti-virus, anti-malware, and endpoint monitoring tools that can identify and neutralize ransomware threats.
• Incident response plan: No cybersecurity measures are foolproof. Even with stringent precautions, a ransomware attack may occur. This makes it crucial to have a well-structured incident response plan, which includes procedures for incident reporting, isolating compromised devices, and restoring critical systems.

Our cyber insurance solution goes further 

What’s best for businesses of every size – small, medium, and blue-chip – is to plan for every eventuality, even a dreaded data breach. Any form of attack though could significantly impact a company, both financially and operationally, which is when cyber insurance could prove invaluable. 

Our own product provides businesses with a simple, robust solution for a range of first party and third-party risks related to cyber-attacks, all backed by strong breach response and restorative support services.

We hope you agree on the importance of learning more about the world of cyber and its risks. To this end, we’ve created Decoding Cyber, an education tool designed to help brokers talk to their clients about cyber risks and coverage with confidence. 

By continuing to supply brokers with insightful thought-leadership and engaging content, we can help increase awareness of the cyber threats that businesses face and increase cyber resilience within our industry and beyond.

_Disclaimer

_{The information provided in this content is intended for UK insurance brokers acting on behalf of their prospective or existing clients.}

_{Any description is for general information purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any product. Policyholders who have questions or wish to arrange or amend cover should contact their insurance broker. Insurance brokers can find details of how to contact us here.}

_{Any descriptions of coverage contained are meant to be general in nature and do not include nor are intended to include all of the actual terms, benefits, and limitations found in an insurance policy. The terms of any specific policy will instead govern that policy. Any guidance for UK insurance brokers is intended to provide general information only, and should not be used as a substitute for legal advice.}