Researchers at IBM’s X-Force team are reporting a 94% reduction in the duration of an enterprise ransomware attack from 2019 to 2021. Though the overall time was reduced, the attacker’s tools appeared to remain mostly the same. Research showed that ransomware operators were most efficient against enterprises “who have not implemented effective measures to combat the threat of ransomware.”
The average duration of an enterprise ransomware attack reduced 94.34% between 2019 and 2021:
- 2019: 2+ months — The TrickBot (initial access) to Ryuk (deployment) attack path resulted in a 90% increase in ransomware attacks investigated by X-Force Incident Response (IR) in 2019.
- 2020: 9.5 days — Increased initial access broker economy and RaaS industry built upon a repeatable ransomware attack lifecycle established in 2019. Efficiencies adopted such as the ZeroLogon vulnerability to obtain privileged access to Active Directory and CobaltStrike as the C2 framework.
- 2021: 3.85 days — Large scale malspam campaigns such as with BazarLoader and IcedID and increased speed to transition access to ransomware affiliates like Conti.