Hackers are now striking with ransomware within 24 hours of gaining initial access to their victims’ networks, a sharp decrease from the previous year’s 4.5-day average.
A recent threat report indicates that cybercriminals are now deploying ransomware within just one day of initially compromising their targets, marking a significant reduction from the 4.5 days it took them last year.
Cybersecurity firm Secureworks warns that 2023 could see an unprecedented surge in ransomware attacks, with three times as many victims appearing on leak sites in May compared to the same month in the previous year.
Secureworks emphasizes the need for a cautious interpretation of leak site data. However, it underscores that the persistence of ransomware and data-theft extortion activities underscores their viability as criminal business models and a substantial threat to businesses.
Secureworks also disclosed that hackers managed to execute their malware within just 24 hours of breaching the victim’s computer network in over 50% of its incident response engagements.
The median dwell time has drastically decreased from 4.5 days in the previous year, and in 10% of cases, ransomware was deployed within just five hours of initial access.
The reduction in median dwell time is because cybercriminals want to minimize the risk of detection. The cybersecurity industry has become more proficient at spotting precursor activities to ransomware attacks. Consequently, threat actors are now focusing on simpler and quicker operations, rather than complex, multi-site enterprise-wide encryption events, according to Don Smith, VP of Threat Intelligence at Secureworks Counter Threat Unit.
Despite the continued presence of familiar threat actors, the emergence of new and highly active threat groups is contributing to a significant increase in victims and data leaks. Cybercriminals, known for their adaptability, continue to evolve their tactics, ensuring that the threat landscape remains dynamic and challenging.
Related stories:
