Security News > 2020 > March > Ransomware Is Mostly Deployed After Hours: Report
Most ransomware is deployed after hours, and usually several days after the initial compromise, newly published research from FireEye reveals.
While performing an analysis of dozens of incidents between 2017 and 2019, FireEye discovered common characteristics related to infection vectors, dwell time, and time of day of ransomware deployment, while also identifying innovations that operators adopted to maximize profits.
The time elapsed until the attackers deployed ransomware would range between 0 and 299 days.
"Some attackers possibly intentionally deploy ransomware after hours, on weekends, or during holidays, to maximize the potential effectiveness of the operation on the assumption that any remediation efforts will be implemented more slowly than they would be during normal work hours. In other cases, attackers linked ransomware deployment to user actions," FireEye says.
"We expect that financially motivated actors will continue to evolve their tactics to maximize profit generated from ransomware infections. We anticipate that post-compromise ransomware infections will continue to rise and that attackers will increasingly couple ransomware deployment with other tactics, such as data theft and extortion, increasing ransom demands, and targeting critical systems," FireEye concludes.