FireEye recently published a report about the rise of “human-operated ransomware attacks.” According to their study, these types of attacks, which wait for human direction before encrypting data rather than beginning encryption as soon as a network is breached, are up 860% since 2017. It’s part of a larger trend of increasingly sophisticated ransomware, which we’ve also seen start to blackmail organizations in addition to locking them out.
But one chart stood out to me from this report:
One of the takeaways was that most of these human-operated attacks occur at night or on the weekend. This is indeed a major problem for IT organizations: it delays mitigation and recovery efforts, and it potentially allows the ransomware to spread deeper into an organization. But after looking at this chart, something stood out to me.
The headline is that 76% of ransomware attacks occur outside of work hours. But of the hours in a given week, 70% fall outside of work hours. If ransomware attacks occurred randomly, wouldn’t the share of attacks landing in off hours look similar given enough volume? Luckily, there is a better data visualization to prove FireEye’s point.
This chart does a much better job of getting the point across, with a clear target being painted at off hours (although 11pm seems a bit too early to ensure that an admin wouldn’t get some kind of notification).
Ultimately, this study makes a fantastic case for better monitoring integrated into automation as the best way to protect against ransomware. If attackers are targeting off-hours as the best chance for success, it tells me that too many organizations either don’t have a ransomware mitigation and recovery plan in place or it requires too much human interaction to really be effective.
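The base-rate comparison above (76% of attacks against 70% of the week's hours) can be checked directly. The following is an added example, not code or data from FireEye's report: the Mon-Fri 08:00-18:00 definition of work hours, the sample timestamps and the two sample sizes are all assumptions made for illustration.

```python
from datetime import datetime
from math import comb

# Assumption (not stated on the page): work hours are Mon-Fri, 08:00-18:00 local time.
WORK_DAYS = range(0, 5)          # Monday=0 .. Friday=4
WORK_START, WORK_END = 8, 18

def is_off_hours(ts: datetime) -> bool:
    """True if ts falls on a weekend or outside 08:00-18:00 on a weekday."""
    return ts.weekday() not in WORK_DAYS or not (WORK_START <= ts.hour < WORK_END)

def baseline_off_share() -> float:
    """Share of the 168 hours in a week that are off-hours: the rate
    expected if incident times were spread uniformly over the week."""
    work_hours = len(WORK_DAYS) * (WORK_END - WORK_START)
    return (168 - work_hours) / 168

def binom_tail(k: int, n: int, p: float) -> float:
    """Exact P(X >= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def off_hours_excess(timestamps):
    """Compare the observed off-hours share with the uniform baseline."""
    n = len(timestamps)
    k = sum(is_off_hours(t) for t in timestamps)
    p0 = baseline_off_share()
    return {"n": n, "off": k, "observed": k / n,
            "baseline": p0, "p_value": binom_tail(k, n, p0)}

# Constructed incident start times (illustrative only, not FireEye data).
SAMPLE = [datetime(2020, 5, 13, 10, 0),   # Wednesday mid-morning: work hours
          datetime(2020, 5, 13, 23, 0),   # Wednesday late evening
          datetime(2020, 5, 14, 2, 30),   # Thursday early morning
          datetime(2020, 5, 16, 14, 0),   # Saturday afternoon
          datetime(2020, 5, 17, 3, 15)]   # Sunday early morning

if __name__ == "__main__":
    print(off_hours_excess(SAMPLE))
    p0 = baseline_off_share()
    # The same 76% headline at two constructed sample sizes.
    for n in (50, 1000):
        k = round(0.76 * n)
        print(f"n={n}: {k} off-hours, p-value vs {p0:.1%} baseline = "
              f"{binom_tail(k, n, p0):.4f}")
```

Under the assumed definition the baseline is 118 of 168 hours, which matches the 70% figure; whether 76% is meaningfully above it depends on how many incidents sit behind the percentage, which is why an hour-by-hour view is more convincing than the headline number.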