Ransomware Attacks Getting Quicker

John Lister's picture

The average ransomware attack now takes less than a day from first breaching a system. It's the first time average attacks can be measured in hours, though ironically it may be a sign of better defenses.

The figures comes from researchers at Secureworks, who analyze ransomware attacks. They measure dwell time, which is the period between an attacker first gaining access to a system and deploying the ransomware. That's malware which encrypts files, letting the attackers demand a fee to restore access.

The average dwell time being under a day is a dramatic development as last year the average was four and a half days.

Quick Hits Favored

The researchers cite three possible reasons for the pattern. One is that attackers are now less likely to use a "double extortion event". That's where they make a copy of data before encrypting. That means they can not only demand money to restore system access, but can also threaten to publish sensitive data online. This tactic inherently takes more time between breaching a system and encrypting the files. (Source: theregister.com)

Another reason may simply be that security software is doing a better job of detecting breaches. That gives attackers less time to move to the encryption stage. This theory may be borne out by attackers being less likely to try complex encryption that involves getting access to an entire system.

Ransomware For Hire Services Thriving

The final reason is an increase in the popularity of so-called "ransomware as a service". That's where attackers don't need to create their own malware and attack code, instead hiring what are effectively attack kits. Because these methods are much simpler than individually-crafted tools, the type of people who hire them tend to prefer quick strikes on multiple targets rather than more sophisticated attacks that take longer to carry out. (Source: secureworks.com)

The researchers also found that the majority of attacks still involve either scanning a system for unpatched security holes, or using stolen logins. Both made up around 32 percent of attacks, while around 14 percent involved getting login details through phishing emails.

What's Your Opinion?

Are you surprised ransomware scammers seem to be using a "keep it simple" mindset? Should we be concerned that attacks are getting much quicker? Should businesses and consumers put more efforts into stopping ransomware attacks or in using backups and other techniques that will reduce the impact of a successful attack?

Rate this article: 
Average: 4 (7 votes)