The window for intrusion detection keeps getting shorter as ransomware group’s time-to-ransom (TTR) accelerates.
Ransomware gangs are operating much more quickly than before, leaving less time for organizations to detect them.
According to analysis of ransomware incidents over the past year, the average time-to-ransom (TTR) is around 17 hours; for some groups, it is as little as 4 to 6 hours. This pace is in stark contrast to how major ransomware groups operated before the double extortion trend took off several years ago, when they would lurk inside victim networks for days or weeks to build greater access and gain complete control.
A clear correlation also exists between a ransomware group’s average TTR and its number of victims, the analysis by managed detection and response firm Huntress shows. Groups that grew significantly in terms of activity in 2024, such as RansomHub, Lynx/Inc, Akira, and Play, have some of the lowest TTRs, under 8 hours.
Some of these groups are also adopting a smash-and-grab approach by targeting small and midsize businesses and offering their affiliates — the hackers who perform the intrusions and infections — very high percentages of the ransom amounts. This incentivizes affiliates to generate as many ransom payouts as possible.
Less opportunity to detect
Another trend of note is that some ransomware groups are focusing more on data theft extortion than on traditional data encryption methods — though most groups do both. Improvements in endpoint detection and response (EDR) tools and ransomware detection in general may be contributing to this shift, as well as successful law enforcement actions.
“While these defenses have thrived, data loss prevention (DLP) services have hardly made any advances and are often only installed in mature corporate environments,” the Huntress researchers wrote in their report. “Attackers are becoming more aware of these circumstances and are opting to steal data and hold it for ransom.
Exploreemtech 360for the latest advancements in Information Technology & insightful updates from industry experts!
