"Speed Demons: Ransomware Attackers' Dwell Time Shrinks"
According to Sophos security researchers, ransomware actors are moving faster than ever to execute malicious encryption. In the first half of 2023, the median dwell time for ransomware incidents decreased from nine days to five days, while the median dwell time for all non-ransomware incidents increased from 11 to 13 days. According to Chester Wisniewski at Sophos, improved endpoint detection is probably why ransomware hackers are acting faster. In order to crypto-lock systems on a network using ransomware, attackers must be able to release their malware before defenders detect their intrusion and attempt to block it. To reduce the time required to move from intrusion to encryption, ransomware groups continue to explore methods for moving more quickly, such as intermittent encryption, which encrypts only parts of files. This article continues to discuss findings regarding ransomware attackers' dwell time shrinking.
BankInfoSecurity reports "Speed Demons: Ransomware Attackers' Dwell Time Shrinks"