Attackers achieve more in less time.
The average time to ransom from infection has reduced to as little as four to six hours.
According to an analysis by Huntress, the average time-to-ransom is around 17 hours. The time is determined by the number of actions attackers took inside the environment after the initial compromise: these include malicious actions such as network scans for reconnaissance, lateral movement, credential dumping for privilege escalation, running scripts, executing terminal commands, downloading additional payloads, and exfiltrating files.
“Attackers focusing on extortion, data theft, and espionage tend to perform more actions, with pivoting, data harvesting, and exfiltrating being those extra activities,” the researchers wrote.
“Attackers who rely on receiving ransomware payments for decryption tend to perform a lower number of actions as they’re basically smashing and grabbing.”
According to CSO Online, this pace is in stark contrast to how major ransomware groups operated before the double extortion trend took off several years ago, when they would lurk inside victim networks for days or weeks to build greater access and gain complete control.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
