New Research from Index Engines™ Shows Ransomware Continues Shift Towards Polymorphism, Shadow Encryption, and Wiper-Style Attacks

The data comes from the patented CyberSense^® Research Lab, which monitors thousands of new ransomware variants daily to maintain a 99.99% confidence level in detecting data corruption tactics

HOLMDEL, N.J., Feb. 24, 2026 /PRNewswire/ — Index Engines, the leader in cyber resilience, today shared the latest ransomware trends from its CyberSense^® Research Lab, which reveals threat actors continue to advance their approaches with more sophisticated variants.

The research showed continued, growing use of polymorphism, shadow encryption, and directory corruption—techniques engineered to bypass traditional defenses, prolong dwell time, and significantly complicate investigation and recovery efforts.

“We learned early on that the only way to stay current with emerging ransomware variants is to build a lab that analyzes them daily,” Index Engines CMO Jim McGann said. “This provides confidence that CyberSense remains current with the latest tactics used by bad actors, including new variants generated by advanced AI methodologies. As a result, our customers can trust that CyberSense data integrity scans will not be circumvented by new and innovative corruption methodologies.”

The CyberSense Research Lab (Patent #12248574) automates the collection, detection, and analysis of emerging ransomware threats to continuously train its CyberSense MLMs, which detect signs of ransomware corruption with 99.99% confidence and facilitate a clean recovery for thousands of organizations worldwide. 

Through this ongoing research, the company identified four notable developments in ransomware behavior during the fourth quarter of 2025:

• High prevalence of polymorphic ransomware: Nearly 90% of samples analyzed exhibited polymorphic behaviors, including variants that replace legitimate files with executable content. These approaches can significantly extend the investigation and recovery process and increase the risk of reinfection.
• Widespread adoption of shadow encryption techniques: Approximately 80% of ransomware variants analyzed employed intermittent, partial, or slow encryption methods, up 33% from Q2 2025. These techniques are designed to avoid traditional detection mechanisms while quietly corrupting data over time.
• Emergence of directory structure corruption: New variants target directory structures rather than individual files to speed up corruption and maximize business disruption. By impacting large, logically grouped data sets at once, these attacks complicate investigation and recovery efforts.
• Emergence of wiper-style ransomware: The research lab observed a subtle rise in ransomware variants that prioritize destructive data corruption over financial extortion. These attacks present as ransomware but behave like wipers, aiming to cause irreversible corruption.

CyberSense is trained on these emerging approaches and continually updates machine learning models to maintain currency with new variants as they are launched.

CyberSense is delivered through strategic partnerships with leading technology vendors and as is available as part of Dell Technologies PowerProtect Cyber Recovery, IBM Storage Defender Sentinel, Hitachi Vantara Ransomware Detection Powered by CyberSense, and Infinidat Infinisafe Cyber Detection powered by CyberSense.

“Our research lab exists to stay ahead of how ransomware behaves in the real world,” McGann added. “By continuously analyzing how these attacks evolve, we’re helping organizations move from reactive recovery to informed, confident decision making when it matters most.”

About Index Engines
At Index Engines, we are experts in Cyber Resiliency, helping organizations build an infrastructure where trusted data is available and reliable. Our leading solution, CyberSense, provides a 99.99% SLA for detecting ransomware corruption. CyberSense empowers organizations to confidently navigate cyber challenges, mitigate risks, and quickly recover to normal business operations in the ever-evolving cyber landscape. For more information, visit www.indexengines.com.

View original content to download multimedia:https://www.prnewswire.com/news-releases/new-research-from-index-engines-shows-ransomware-continues-shift-towards-polymorphism-shadow-encryption-and-wiper-style-attacks-302694885.html

SOURCE Index Engines