Why Has the Ransomware Timeline Shrunk by 94%?

By ISBuzz Team, Writer, Information Security Buzz | Jun 02, 2022 03:23 am PST

Researchers at IBM’s X-Force team are reporting a 94% reduction in the duration of an enterprise ransomware attack from 2019 to 2021. Though the overall time was reduced, the attacker’s tools appeared to remain mostly the same. Research showed that ransomware operators were most efficient against enterprises “who have not implemented effective measures to combat the threat of ransomware.”

Key Highlights

The average duration of an enterprise ransomware attack fell by 94.34% between 2019 and 2021:

  • 2019: 2+ months — The TrickBot (initial access) to Ryuk (deployment) attack path resulted in a 90% increase in ransomware attacks investigated by X-Force Incident Response (IR) in 2019.
  • 2020: 9.5 days — A growing initial access broker economy and RaaS industry built upon the repeatable ransomware attack lifecycle established in 2019. Operators adopted efficiencies such as exploiting the ZeroLogon vulnerability to obtain privileged access to Active Directory and using Cobalt Strike as the C2 framework.
  • 2021: 3.85 days — Large-scale malspam campaigns, such as those delivering BazarLoader and IcedID, and faster hand-off of access to ransomware affiliates like Conti.
1 Expert Comment
June 2, 2022 11:25 am

Similar to the Quantum ransomware attack with a rapid TTR in April, the speed and the use of the network as the attack vector are of special concern. Network security has become especially vulnerable for most businesses as infrastructure investment has lagged due to COVID-19 and work-from-home policies. Governments and enterprises should look to urgently bolster security across third-party infrastructure, remote access and sensitive partner connections using advanced techniques from the military space like managed attribution and payload dispersal. These make network resources hard to detect and virtually impossible to breach, protecting against even sophisticated bad actors.

The cloud and edge networking world can and should borrow proven principles from the military and RF space, such as spread spectrum and frequency hopping, to alleviate such concerns and make the environment quantum resistant at multiple levels.
