Ransomware Infects Faster, But Gangs Suffer Setbacks

PC Magazine reports that the time between a ransomware attack and systemic infection (dwell time) has fallen drastically. In 2021 it averaged 5 days and some hours. That dropped to a little more than four days in 2022. Now it is less than 24 hours, in many cases about five hours.

That’s the bad news. The good news is that the shorter dwell time is in part due to the cybersecurity industry becoming much better at detecting activity that precedes a ransomware infection. This is forcing bad actors to focus on simple operations that are quick to implement, rather than multi-site encryption of entire enterprises, which is more complex and slower.

Additionally, new threat groups have emerged in 2023, claiming more victims and data leaks using attack vectors such as S\scan-and-exploit, which searches out known vulnerabilities in a system. Stolen credentials are another common vulnerability, and phishing emails are still a reliable way to trick individuals into showing attackers the easy way into secure systems.

Sony recently fell victim to a new ransomware group named RansomedVC, which claims to have compromised all of the company’s systems and offered to sell stolen data. Sony has launched an investigation but has yet to confirm the extent of the infection or data stolen.

On August 29, the FBI and the Justice Department announced a multinational operation to disrupt and dismantle the malware and botnet known as Qakbot. “The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” said FBI Director Christopher Wray. “The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”