By Zac Amos, Features Editor,

Ransomware is evolving with intermittent encryption, IABs (initial access brokers), and other new technologies that will transform cyber security in the months and years ahead. As cyber security advances, hackers are developing new tactics and changing how they launch ransomware attacks. Five new and emerging ransomware tactics pose particular threat.

New and emerging ransomware tactics

Ransomware attacks have been on the rise for the past few years as never before. Research shows that phishing attacks – the primary method of starting a ransomware attack – rose 61% from 2021 to 2022. Additionally, the rise of spear phishing can be particularly dangerous for businesses, since hackers can use this tactic to target personnel with high authority and clearance levels.

Hackers aren’t just launching more attacks – they’re also changing the way that they attack. Several new and emerging ransomware tactics are on the rise. Here’s a look at the top five that everyone should be aware of.

1. Intermittent encryption

The intermittent encryption strategy is one of the most popular emerging ransomware tactics today. By only encrypting part of the content in a victim’s files, hackers can make their ransomware faster and more difficult to detect. Yet, the victim’s files are still rendered unusable.

For hackers, the benefit of intermittent encryption is that it reduces the workload and improves the performance of ransomware. Since files aren’t being completely encrypted, anti-malware programs may have a more challenging time detecting the ransomware. By the time they do, if at all, the intermittent encryption has run so fast that it’s already too late.

2. Initial Access Brokers (IABs)

Initial Access Brokers, or IABs, are a growing population in ransomware groups, but they don’t make ransomware themselves. Instead, these hackers specialize in breaching businesses’ networks and stealing login credentials. Then, they sell these credentials to hackers for use in deploying ransomware.

As a result, IABs may be difficult to detect. They aren’t launching attacks themselves, just sneaking into businesses’ networks. IABs may be contributing to rising rates of ransomware by making it easier for hackers to launch their attacks. There were an estimated 236.1 million ransomware attacks globally in the first half of 2022 alone.

More proactive identity and access controls, in addition to network activity monitoring, may help catch and prevent breaches by IABs. Multi-factor authentication is also a crucial security feature for deterring IABs.

3. Shifting ransomware targets

In addition to the technology, the social aspect of ransomware activity is changing. Hackers are choosing a wider pool of targets and shifting their efforts to lower-profile targets with a higher chance of success. Sadly, schools have become a particularly popular target.

This stems from the fact that schools at all levels collect large amounts of personal information from students, staff, and families. At the same time, educational institutions often lack the funding to implement and retain top-notch cyber security. Plus, if a school’s systems do go offline, it can have serious implications; grinding activities and classes to a halt and potentially endangering students.

Hackers leverage all of these factors in their attacks. For them, it is essentially a no-lose scenario: Either the victim pays the ransom or the hacker sells stolen personal information on the Dark Web, causing panic among  parents and students. This puts schools in a difficult situation since some experts say that paying the ransom is not the right move, despite the consequences.

4. Data exfiltration and deletion

Hackers are also changing the way that they hold victims’ data hostage. Some hackers have shifted to using data exfiltration and deletion rather than encryption. This tactic completely wipes the stolen data from victims’ devices, making it impossible for them to potentially decrypt the data on their own or with the help of a decryption program.

Data exfiltration and deletion may not be much faster than encryption, but the main benefit here is the sheer power it gives attackers. It leaves victims with literally no choice – they either pay the ransom or the hacker keeps their data forever, period.

As this tactic increases in popularity, anti-malware programs will need to be updated to include features designed to detect and prevent this new kind of ransomware.

5. Fileless attacks

Fileless attacks are among the most covert emerging ransomware tactics. This type of ransomware tactic doesn’t use malware at all. Instead, it exploits legitimate, trusted programs in order to avoid detection by anti-malware programs.

Since the ransomware is disguised as a trusted, white-listed program, the anti-malware program ignores it. Meanwhile, the ransomware runs encryption algorithms and locks down the victim’s data. Fileless attacks pose a particular challenge for anti-malware programs. Down the road, these programs may need to start using a zero-trust policy for software and even inspect trusted programs for suspicious activity.

Staying alert amid new ransomware risks

These new and emerging ransomware tactics can certainly be distressing, but the tried and tested principles for avoiding ransomware remain the same. Users should continue to be careful about the pages that they visit online, the links they click on, and the files they download. Rising rates of phishing attacks are a hint that should prompt users to be particularly vigilant about ignoring suspicious emails. Ultimately, to avoid becoming a victim of ransomware, stay smart and alert when going online, and ensure that you have the right security tools in place.

For more from’s Features Editor, Zac Amos, click here. Lastly, to receive cutting-edge cyber security news, exclusive interviews, expert analyses and security resources, please sign up for the newsletter.