Ransomware Infection Times Fall From 5 Days to 5 Hours

pcmag.com:

The amount of time it takes an attacker to infect a system with ransomware has fallen dramatically over the past 12 months.

As The Register reports, the median dwell time (the time from when an attack starts to when ransomware is deployed) was 5.5 days in 2021, then 4.5 days in 2022. However, this year the dwell time has fallen to less than 24 hours. According to the Secureworks annual State of the Threat Report, "In 10% of cases, ransomware was even deployed within five hours of initial access."

You may be surprised to hear that the reason for this huge reduction in infection time is due in no small part to the cybersecurity industry becoming much better at detecting the activity that precedes a ransomware infection. As a result of this, Secureworks explains, "threat actors are focusing on simpler and quicker to implement operations, rather than big, multi-site enterprise-wide encryption events that are significantly more complex."

Add to that the emergence of "several new and very active threat groups," which has led to significantly more ransomware victims and data leaks this year. So not only are the attacks happening more quickly, there's also more of them.

The ransomware groups are using three main attack vectors to try and infect systems. The first is scan-and-exploit, which looks for known vulnerabilities in a system that can be taken advantage of. Stolen credentials are also taken advantage of when discovered, and phishing emails are used to try and trick individuals into offering the attackers an easy way into secure systems.

Sony is the most recent high-profile target of a ransomware group, but the company has yet to confirm the extent of the infection or data stolen. We've also seen a Danish cloud hosting