Encryption Research

Overview

At Druva, our research team analyzes ransomware to develop proactive defense strategies. This intelligence, including IoCs and TTPs, is integrated into the Druva platform to enhance detection and response. Explore how Druva’s intelligence-driven approach secures your organization.

Ransomware Encryption

We provide in-depth analysis of prominent ransomware families, a sample of which is below. Our comprehensive research, updated regularly, covers numerous ransomware families and is available to customers.

Example of detailed ransomware encryption research

ALPHV (BLACKCAT)


A leading ransomware-as-a-service (RaaS) operation, ALPHV is notorious for its Rust-based payload, which enhances performance and evasion. As of 2025, its affiliates are known for pioneering triple-extortion tactics, adding DDoS attacks to their threats of data encryption and public leaks.


  • Threat Focus: An advanced ransomware syndicate specializing in data exfiltration and multi-layered extortion.

  • Target Scope: Large enterprises, with a strategic focus on crippling virtualized infrastructure by targeting VMware ESXi hosts.

  • Encryption Profile:
    • Algorithm: ChaCha20 and RSA.
    • Mode & Technique: Features a highly configurable partial encryption routine, giving its operators flexibility. It encrypts file headers and is selective by file size.

  • Indicators: Files are renamed with a random 7-character extension. The ransom note is customized for each victim (RECOVER-[ext]-FILES.txt).
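
A defender-side check built from the two indicators above, added here as an example and not Druva's own code: it scans a file listing for a ransom note named RECOVER-[ext]-FILES.txt and reports it only when files carrying the same 7-character extension are also present. The function name, the `min_renamed` threshold, the alphanumeric character set and the sample listing are assumptions made for illustration.

```python
import re

# Assumptions (not stated on the page): the 7 characters are ASCII letters or
# digits, and [ext] in the note name is the same extension appended to files.
NOTE_RE = re.compile(r"^RECOVER-([A-Za-z0-9]{7})-FILES\.txt$", re.IGNORECASE)


def basename(path):
    # Last path component; accepts both forward-slash and backslash separators.
    return re.split(r"[\\/]", path)[-1]


def find_alphv_indicators(paths, min_renamed=3):
    """Return {ext: {"notes": [...], "renamed": [...]}} for each extension
    that has a matching ransom note AND at least min_renamed renamed files.
    Requiring both indicators together cuts down on false positives."""
    paths = list(paths)
    notes = {}
    for p in paths:
        m = NOTE_RE.match(basename(p))
        if m:
            notes.setdefault(m.group(1).lower(), []).append(p)
    hits = {}
    for ext, note_paths in notes.items():
        suffix = "." + ext
        renamed = [p for p in paths if basename(p).lower().endswith(suffix)]
        if len(renamed) >= min_renamed:
            hits[ext] = {"notes": note_paths, "renamed": renamed}
    return hits


# Constructed sample listing (not real telemetry).
SAMPLE_LISTING = [
    "/srv/share/RECOVER-k3x9qzb-FILES.txt",
    "/srv/share/q1-report.xlsx.k3x9qzb",
    "/srv/share/payroll.db.k3x9qzb",
    "/srv/share/vm/disk0.vmdk.k3x9qzb",
    "/srv/share/notes.txt",
    "/home/dev/RECOVER-abcdefg-FILES.txt",  # note-like name, no renamed files
    "/home/dev/archive.tar.gz",
]

if __name__ == "__main__":
    for ext, hit in find_alphv_indicators(SAMPLE_LISTING).items():
        print(f"extension .{ext}: {len(hit['renamed'])} renamed files, "
              f"notes: {hit['notes']}")
```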