Skip to main content
Cyber News

How Long Does it Take Ransomware to Encrypt a Veterinary Practice?

By March 28, 2022June 9th, 2022No Comments

The question of how long it takes for ransomware to fully encrypt an organization has remained elusive for a long time, including for security researchers and network defenders who work in the veterinary practice industry. Luckily, new research conducted by researchers at Splunk is providing new insight into how long you should expect your veterinary practice’s network and computer systems to be fully encrypted. The research focuses on the time taken by ransomware to encrypt 100,000 files totaling nearly 53 GB in your computer system by analyzing 10 variants of popular ransomware malware, many of which have been used against veterinary practices.

The research was carried out across different Windows operating systems and hardware specifications. To determine the speed of the ransomware encryption, researchers also used a modified version of an attack range lab environment. They executed 10 samples of each of the 10 ransomware variants on four hosts. The operating systems used during this research were the Windows 10 operating system and Windows Server 2019.

The implications of research findings for veterinary practice

The research found that, of the 10 ransomware variants used, it took between four minutes to three and a half hours to encrypt 100,000 files totaling 53 GB. The research also found that the median speed for encryption was 42 minutes. The finding is also an indication of the narrow timeframe that veterinary practices have to respond to an active ransomware attack.

The research was also carried out on computer systems with different specifications. The difference in specifications, such as their RAM, processor speeds, and CPU cores, was also found to have a big impact on the time taken by ransomware to encrypt the files. The research on finding how the same variant was impacted by computer systems with different specifications was, however, inconsistent. Researchers indicated that this could have been a result of some of this ransomware being single-threaded and being unable to take advantage of extra computing resources.

The data from the research offers security experts working in the veterinary practice industry an opportunity to create a comprehensive, high-level response strategy for future attacks. It also offers an insight into what to expect during a ransomware attack. Before the research and the data were released, professional security experts relied on ransomware cybercriminals to indicate the speed of their ransomware. For instance, cybersecurity experts already knew that LockBit ransomware was the fastest in the industry. This was not due to research they had carried out themselves. The data came from the cybercriminals behind the ransomware, who had done their research and optimized their ransomware to encrypt large files of data in under five minutes. The research carried out by Splunk also confirmed the assertions made by LockBit cybercriminals, with the ransomware recording an average of fewer than five minutes to encrypt 100,000 files.

Unfortunately, not all cybercriminals are as open and transparent about their ransomware speeds as LockBit. Hence, during the attacks, the cybersecurity experts had to rely on assumptions for their response.

The research is also a cautionary tale for veterinary practices that have no protection against ransomware attacks. It is also a sign of how things quickly escalate once an attack is successfully carried out. For example, a veterinary practice that has been targeted by LockBit ransomware has little to no time to respond to the attack. This is because it takes less than five minutes to encrypt over 50 GB of data.

The research in Numbers

While the research showed that LockBit was the fastest to encrypt, recording an impressive 4 minutes and 9 seconds. There were other ransomware variants that were also used in the research that had impressive records. They include ransomware such as Babuk which was far behind and recorded an impressive 6 minutes and 34 seconds to encrypt 100,000 files totaling more than 50 GB. Avaddon ransomware also recorded an impressive time of 13 minutes and 15 seconds.

One of the most devastating ransomware attacks that have a history of targeting veterinary practices, the Ryuk ransomware, followed Avaddon with 14 minutes and 30 seconds encryption record. In 2019, the Ryuk ransomware was used to encrypt over 400 veterinary practices across the United States, in what is seen as the largest single-day attack on veterinary practices in history. The affected veterinary practices were associated with the National Veterinary Associates (NVA), and the attack lasted for weeks before a solution was found.

REvil, one of the most prolific ransomware of 2021, was recorded as having a 24 minutes and 16 seconds encryption time. The ransomware has also been used by cybercriminals to attack veterinary practices. BlackMatter ransomware took 43 minutes and 3 seconds to encrypt the files.

The notorious Darkside, which last year was used to attack the Colonial Pipeline and getting paid millions of dollars in ransom recorded an impressive 44 minutes and 52 minutes to encrypt files. Conti, notorious ransomware that targets veterinary practice was also used in the research, and recorded 44 minutes and 52 seconds to encrypt files. At last place was Maze and PYSA ransomware which took almost two hours to encrypt the files.

This data will be useful for cybersecurity experts who work in the veterinary practice industry. The data can help them plan on what to expect during a ransomware attack. For instance, if attacked by LockBit, they probably will have no response, however, ransomware such as Conti can be stopped during a ransomware attack.

 Need help protecting your veterinary hospital from a Ransomware attack?

Schedule a FREE no obligations call today to see how Lucca Veterinary Data Security can help keep your practice safe from cyber crime.

SCHEDULE NOW