Security
Index Engines flags rise of polymorphic, shadow-encrypting ransomware
As ransomware operators experiment with polymorphism, shadow encryption, and outright data destruction, storage-focused security vendor Index Engines says traditional detection methods are struggling to keep up.
Index Engines' CyberSense Research Lab is said to automate the collection, detection, and analysis of emerging ransomware threats to continuously train CyberSense machine learning models. The company claims it can detect ransomware corruption signs with 99.99 percent confidence and facilitate clean data recoveries for its thousands of enterprise customers.
Four storage suppliers partner with Index Engines and its CyberSense technology to protect against ransomware attacks: Dell, Hitachi Vantara, IBM, and Infinidat. Index Engines also has a reseller, system integrator, and distribution channel.
Jim McGann, Index Engines CMO, said: "We learned early on that the only way to stay current with emerging ransomware variants is to build a lab that analyzes them daily. This provides confidence that CyberSense remains current with the latest tactics used by bad actors, including new variants generated by advanced AI methodologies."
Research from the lab identified four ransomware development trends:
- Polymorphism: the ransomware mutates its own code so that each sample looks different, defeating signature-based detection that matches a fixed binary. The lab also saw samples replacing legitimate files with executable content. Ninety percent of lab-analyzed samples were polymorphic.
- Shadow encryption: intermittent, partial, or slow encryption that scrambles only some blocks of a file, or encrypts at a low rate in the background, so that per-file entropy and change-rate checks tuned to fully encrypted files never cross their thresholds. Eighty percent of the lab's samples used shadow encryption.
- Corrupted directory structures: damaging directory metadata rather than individual file contents, so that a single event can leave large numbers of files in the affected directory unrecoverable.
- Wiper-style ransomware: files are destroyed rather than encrypted, with no key to sell back; the lab reports more attacks prioritizing this vandalism over financial extortion.
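The shadow-encryption point is easiest to see with numbers. The Python below is an added illustration, not Index Engines' code or anything from CyberSense: it builds a constructed, highly repetitive 40 KiB "document", encrypts only one 4 KiB block in every five (a stand-in for intermittent encryption, using a SHA-256 counter keystream in place of a real cipher), and then runs two detectors over the result. A naive detector that computes one entropy figure for the whole file stays well under the assumed 7.0 bits/byte threshold and misses the attack; a detector that scores each block separately flags it. The block size, threshold, and all-zero placeholder key are assumptions for the demonstration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # assumed granularity at which the sample encrypts and the detector scans

# Constructed low-entropy "document": ten 4 KiB blocks of repetitive text (not a real file).
SAMPLE_FILE = b"Quarterly revenue report. Region: EMEA. " * 1024
KEY = b"\x00" * 32  # placeholder key for the demo; a real strain generates one per victim


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, approaching 8.0 for random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream(key: bytes, counter: int, length: int) -> bytes:
    """Stand-in CTR-style keystream derived from SHA-256 (illustration only, not a real cipher)."""
    out = bytearray()
    i = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big") + i.to_bytes(8, "big")).digest()
        i += 1
    return bytes(out[:length])


def intermittent_encrypt(data: bytes, key: bytes, every: int) -> bytes:
    """Encrypt one block in every `every`, leaving the remaining blocks in the clear."""
    out = bytearray(data)
    for idx in range(0, len(data), BLOCK):
        block_no = idx // BLOCK
        if block_no % every != 0:
            continue  # untouched block: plaintext survives, entropy stays low
        chunk = data[idx:idx + BLOCK]
        ks = keystream(key, block_no, len(chunk))
        out[idx:idx + BLOCK] = bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def whole_file_looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """Naive detector: a single entropy figure for the entire file."""
    return shannon_entropy(data) >= threshold


def any_block_looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """Block-wise detector: flag the file if any one block alone crosses the threshold."""
    return any(shannon_entropy(data[i:i + BLOCK]) >= threshold
               for i in range(0, len(data), BLOCK))


def compare_detectors(every: int = 5) -> dict:
    """Encrypt the sample intermittently and report what each detector concludes."""
    encrypted = intermittent_encrypt(SAMPLE_FILE, KEY, every)
    block_entropies = [shannon_entropy(encrypted[i:i + BLOCK])
                       for i in range(0, len(encrypted), BLOCK)]
    return {
        "whole_file_entropy": round(shannon_entropy(encrypted), 2),
        "max_block_entropy": round(max(block_entropies), 2),
        "whole_file_detector": whole_file_looks_encrypted(encrypted),
        "block_detector": any_block_looks_encrypted(encrypted),
    }


if __name__ == "__main__":
    # With one block in five encrypted, the whole-file figure lands around 5.4 bits/byte
    # (below threshold) while the encrypted blocks individually sit near 7.95.
    print(compare_detectors())
```

Setting `every=1` encrypts every block and both detectors agree, which is the fully encrypted case that whole-file entropy checks were designed for; the gap between the two detectors only opens when encryption is partial. Real storage-side detection also has to cope with legitimately high-entropy blocks (compressed archives, media, already-encrypted data), so a block-entropy threshold on its own is a starting point, not a complete detector.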
Index Engines says its CyberSense software is trained on these emerging approaches and continually updates its machine learning models to maintain currency with new variants as they are encountered.
Compared to CrowdStrike, Index Engines, with its OEM and channel partner business model, has fewer partnerships. But it is focused on data integrity in storage environments, while CrowdStrike has a wider remit, looking at data, user, and system security across endpoints, clouds, and identities.