The data comes from the patented CyberSense® Research Lab, which monitors thousands of new ransomware variants daily to maintain a 99.99% confidence level in detecting data corruption tactics

Holmdel, NJ – February 24, 2026 – 인덱스 엔진, the leader in cyber resilience, today shared the latest ransomware trends from its CyberSense® Research Lab, which reveals threat actors continue to advance their approaches with more sophisticated variants.

The research showed continued, growing use of polymorphism, shadow encryption, and directory corruption—techniques engineered to bypass traditional defenses, prolong dwell time, and significantly complicate investigation and recovery efforts.

“We learned early on that the only way to stay current with emerging ransomware variants is to build a lab that analyzes them daily,” Index Engines CMO Jim McGann said. “This provides confidence that CyberSense remains current with the latest tactics used by bad actors, including new variants generated by advanced AI methodologies. As a result, our customers can trust that CyberSense data integrity scans will not be circumvented by new and innovative corruption methodologies.”

The 사이버센스 연구소 (Patent #12248574) automates the collection, detection, and analysis of emerging ransomware threats to continuously train its CyberSense MLMs, which detect signs of ransomware corruption with 99.99% confidence and facilitate a clean recovery for thousands of organizations worldwide.

Through this ongoing research, the company identified four notable developments in ransomware behavior during the fourth quarter of 2025:

• High prevalence of polymorphic ransomware: Nearly 90% of samples analyzed exhibited polymorphic behaviors, including variants that replace legitimate files with executable content. These approaches can significantly extend the investigation and recovery process and increase the risk of reinfection.
• Widespread adoption of shadow encryption techniques: Approximately 80% of ransomware variants analyzed employed intermittent, partial, or slow encryption methods, up 33% from Q2 2025. These techniques are designed to avoid traditional detection mechanisms while quietly corrupting data over time.
• Emergence of directory structure corruption: New variants target directory structures rather than individual files to speed up corruption and maximize business disruption. By impacting large, logically grouped data sets at once, these attacks complicate investigation and recovery efforts.
• Emergence of wiper-style ransomware: The research lab observed a subtle rise in ransomware variants that prioritize destructive data corruption over financial extortion. These attacks present as ransomware but behave like wipers, aiming to cause irreversible corruption.

CyberSense is trained on these emerging approaches and continually updates machine learning models to maintain currency with new variants as they are launched.

CyberSense is delivered through strategic partnerships with leading technology vendors and as is available as part of Dell Technologies PowerProtect Cyber Recovery, IBM Storage Defender Sentinel, Hitachi Vantara Ransomware Detection Powered by CyberSense, and Infinidat Infinisafe Cyber Detection powered by CyberSense.

“Our research lab exists to stay ahead of how ransomware behaves in the real world,” McGann added. “By continuously analyzing how these attacks evolve, we’re helping organizations move from reactive recovery to informed, confident decision making when it matters most.”

# # #

색인 엔진에 대하여
인덱스 엔진(Index Engines)은 사이버 복원력 분야의 전문 기업으로, 신뢰할 수 있고 안정적인 데이터를 제공하는 인프라 구축을 지원합니다. 당사의 선도적인 솔루션인 ‘사이버센스(CyberSense)’는 랜섬웨어 감염 탐지에 대해 99.99% 수준의 SLA를 보장합니다. 사이버센스는 끊임없이 변화하는 사이버 환경 속에서 기업이 자신 있게 사이버 위협에 대응하고, 위험을 완화하며, 신속하게 정상적인 업무 운영으로 복귀할 수 있도록 지원합니다. 자세한 내용은 다음을 참조하십시오. www.indexengines.com.