Selective encryption is a ransomware tactic that encrypts only chosen files instead of every accessible file. Attackers often prioritize recently changed documents, databases, project files, or other active data because those items are more likely to disrupt daily operations and force a faster response. By avoiding full-volume encryption, malware can finish sooner, reduce noise, and sometimes evade simple behavioral detection.
In cyber security, this matters because defenders cannot assume that a small amount of encrypted data means limited impact. A targeted set of files may contain the most valuable or hardest-to-recreate information. In real incidents, selective encryption can be paired with file-type filters, timestamp checks, or directory targeting to hit live business data first. Defenses focus on rapid detection, protected backups, endpoint telemetry, and preserving evidence early, since selective attacks may leave fewer obvious signs than broad encryption.