720-891-1663

Alerts, Breach, Security Practices

17 Hours: Time Between Hacked and Extorted

Leave a comment

That is a scary statistic. It used to be that hackers lurked inside your systems for days, weeks and even months conducting surveillance. This increased the chance of detecting them before they did damage. Damage like we are seeing with newspaper conglomerate Lee Enterprises, publisher of 72 newspapers and 350 specialty publications. Lee has been dealing with an unspecified cyber incident for about 10 days now with them admitting that it will be weeks or months before they get all of the publications back to normal and that it will have a material impact on their financials.

Based on details of ransomware incidents over the last year, the average “time-to-ransom” is around 17 hours.

For some groups, it is as little as 4 to 6 hours.

This timeline affects the number of attacks as well. Security firm Huntress says that the groups that “grew” the fastest in 2024 had some of the lowest times to ransom – under 8 hours.

In support of this, some ransomware operators have turned into smash and grab operations – get in, steal the data, extort the victim and move on. Some of the ransomware tools for hire are encouraging this by offering the operators a higher percentage when they do this.

Obviously, this reduces the time you have to detect malicious activities before “detonation”.

Better detection and more aggressive law enforcement may be part of the reason for this. A get in, attack, get out and repeat strategy makes it harder for defenders. And the cops.

Huntress also detects actions attackers took inside the network after intrusion. Some of these actions include network scans, lateral movement, credential dumping, etc. The more actions you take, the more likely you are to be detected. Some groups took as few as 6 actions while others took more than 30. Groups that rely on encryption and ransom payments do less actions; those that are trying to steal as much data as possible take more actions.

The bottom line is that you need to improve your security practices. Unless you want to be the next victim. If you need help, please contact us. Credit: CSO Online

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2025 CyberCecurity, All rights reserved. Privacy Policy