Ransomware Infection Times Fall From 5 Days to 5 Hours
The amount of time it takes an attacker to infect a system with ransomware has fallen dramatically over the past 12 months.
As The Register reports, the median dwell time (the time from when an attack starts to when ransomware is deployed) was 5.5 days in 2021, then 4.5 days in 2022. However, this year the dwell time has fallen to less than 24 hours. According to the Secureworks annual State of the Threat Report, “in 10% of cases, ransomware was even deployed within five hours of initial access.”
You may be surprised to hear that this huge reduction in infection time is due in no small part to the cybersecurity industry becoming much better at detecting the activity that precedes a ransomware infection. As a result, Secureworks explains, “threat actors are focusing on simpler and quicker to implement operations, rather than big, multi-site enterprise-wide encryption events that are significantly more complex.”
Add to that the emergence of “several new and very active threat groups,” which has led to significantly more ransomware victims and data leaks this year. So not only are the attacks happening more quickly, there are also more of them.
The ransomware groups are using three main attack vectors to try to infect systems. The first is scan-and-exploit, which looks for known vulnerabilities in a system that can be exploited. The second is stolen credentials, which are used when discovered. The third is phishing emails, which are used to try to trick individuals into offering the attackers an easy way into secure systems.
Sony is the most recent high-profile target of a ransomware group, but the company has yet to confirm the extent of the infection or data stolen. We’ve also seen a Danish cloud hosting firm lose the majority of its customer data in a ransomware attack, and the LockBit ransomware gang stole the data of 8.9 million dental insurance customers earlier this year. On the bright side, the FBI has managed to dismantle the notorious Qakbot botnet, which was used in many ransomware attacks and was found to be controlling 700,000 infected computers.