Intermittent encryption only encrypts parts of the targeted files' content. This would leave the data unusable, while drastically reducing the encryption time required. Since the encryption is partial, automated detection tools which mostly spot signs of trouble in the form of file IO operations are expected to be less useful.
This tactic is used by Black Basta, PLAY, Agenda, Qyick, and ALPHV (BlackCat) ransomware gangs. These groups are promoting intermittent encryption tactics to lure potential affiliates to join RaaS operations.
Intermittent encryption has major advantages in favor of cybercriminals.
It is expected more threat groups may switch to this tactic in the near future. Therefore, organizations are suggested to invest more in anti-ransomware solutions with behaviour-based detection as well as a reliable backup of sensitive information to reduce the associated risks.