The majority of ransomware attacks now occur between the hours of 1am and 5am in an attempt to catch cybersecurity teams off guard, according to a new report from Malwarebytes.
The security vendor’s 2024 State of Ransomware Report is based on threat intelligence gathered by the company and its ThreatDown detection and response unit during incident response engagements, as well as ransomware leak sites.
It claimed that a majority of the incidents handled by ThreatDown Malware Removal Specialists (MRS) over the past year have occurred in the early hours of the morning. Malwarebytes clarified to Infosecurity that this means the time zone in which the victim organization operates.
The reason for launching attacks at night, and at weekends, is simple: try to ensure there are limited IT staff around to handle detection and response.
Read more on ransomware: Fastest Ransomware Encrypts 100k Files in Four Minutes
To compound the challenge for network defenders, Malwarebytes claimed that it takes less time than ever to complete the entire ransomware attack chain – from initial access to encryption. Where once it usually took weeks to work through all these steps, it is now more like hours, the report claimed. It added that living-off-the-land techniques are now a commonplace way of evading detection by traditional tools.
Chris Kissel, IDC research VP for security & trust, argued that 24/7 managed detection and response is the only way to ensure organizations are covered at all times.
“The question I ask organizations is: do you have someone prepared to stop an attack at 2am on a Sunday with your existing technology stack and staff resources?” he added.
“They may have a tool to pick up the alert on Monday morning, but by then it will be too late. Threat actors are moving fast to compromise networks, download data and deploy ransomware.”
In first and second place in terms of the number of ransomware victims over the past year, the US (63%) and UK (67%) also saw double-digit annual increases in the volume of attacks.
The share of attacks carried out by gangs outside the top 15 also increased from 25% to 31%, highlighting that ransomware is becoming more accessible to a broader range of cybercriminals, Malwarebytes claimed.
Services and manufacturing were the two sectors most targeted by ransomware over the past year, the latter experiencing a massive 71% year-on-year increase in attacks.