According to reports, organizations around the world detected 317.59 million ransomware attempts in 2023.1
What’s interesting is that Malwarebytes’ 2024 State of Ransomware Report found that most ransomware attacks happen between 1 am and 5 am to catch cybersecurity teams off guard. This means that these attacks often happen when defenses are weaker—usually when fewer people are working.2
Knowing why ransomware strikes during “off-hours” can help you better prepare and protect your business from these threats.
Why Ransomware Attackers Strike Late But Strike Hard
Ransomware attackers often target their victims at times when they’re least prepared, like off-peak hours (at night, on holidays, or during weekends). These times are when fewer people are around to notice or respond to the attack, which makes it easier for the attackers to move quickly. Once they gain access to a system, they don’t waste time.
Google-owned Mandiant reported that Ransomware was used within 48 hours after attackers first gained access in nearly one-third of cases. Sophos researchers also reported that 90% of ransomware attacks now happen outside regular work hours, which are from 8 am to 6 pm, Monday to Friday.
Attackers can do more damage by striking when businesses are quiet before anyone realizes what’s happening.
The Role Of Time Zones In Global Attacks
Here’s an overview of how time zones affect Ransomware attacks:
Attackers’ Time Zones
Research shows that the time zone of attackers can impact when they carry out attacks. For example, a time-zone analysis on the REvil Ransomware group found that even though they are linked to Russian-speaking criminals, their attack times matched Pacific Time (UTC-8). This suggests that attackers may be spread across different regions.
Victim Time Zones
Attackers often plan their operations based on the time zone of their victims. By launching attacks during off-hours in the victim’s local time zone, they increase the chances of successfully breaking in and encrypting data before anyone can respond.
Dwell Times
The time between when attackers first access a system and when they launch Ransomware, called dwell time, has been getting shorter.
Figure 1: Dwell time (in days) 2020-1H2023, according to Sophos’ Active Adversary report
Sophos’ reports show that the median dwell time in the first half of 2023 was just five days. This means attackers are getting faster and more efficient; they often time their attacks during off-hours to surprise organizations and avoid detection.
| Find out the latest data and understand the impact of these Ransomware attacks. Our infographic provides all the important stats you need to know. |
Impact On Business Operations
Ransomware attacks can severely disrupt business operations. Here’s how these attacks can affect response times, productivity, and finances.
Reduced Response Time From Security Teams
Studies show that Ransomware attacks can seriously limit your security team’s ability to respond in time. For instance, a 2023 report by Sophos found that in 81% of successful Ransomware attacks on financial services, the attackers managed to encrypt data, meaning the security teams couldn’t stop them in time.
Similarly, Sophos also revealed that 32% of Ransomware incidents started through an unpatched vulnerability, indicating that teams might not be patching systems quickly enough to prevent these attacks.
Lost Time & Productivity
Ransomware attacks can cause a lot of downtime and lost productivity for organizations. When an attack happens, systems can be locked or damaged, and employees might not be able to access important files or work. This interruption can halt normal business operations and slow down your team’s ability to get work done.
A 2024 report by Sophos found that recovery times are slower, with 45% of Ransomware attacks taking more than a month to recover from, compared to 37% for compromised credentials.
Financial Consequences Of Delayed Responses
Ransomware attacks can have a big financial impact, especially if security teams can’t respond fast enough. This includes expenses for restoring data, fixing systems, and any other disruptions to your business. A report by Cybersecurity Ventures predicts that Ransomware costs could reach about $265 billion each year by 2031.
Furthermore, a 2024 report by Sophos found that these attacks can cost about $3 million to fix. This is four times higher than the cost of dealing with incidents involving compromised credentials, which averages $750,000. This shows that not only are Ransomware attacks more expensive to handle, but the longer it takes to address them, the more money your business will lose. Note that the FBI, CISA and NSA all strongly advise against paying a ransom.
| Check out our “See It In The Eyes” case study to find out how a real Ransomware attack affected a company, including the costs and consequences. Learn from their experience and see how you can better protect your own business. |
How Businesses Can Protect Themselves 24/7
Ransomware can strike at any time, so it’s important to be prepared around the clock. Here are steps you can take to protect your business:
- Keep Your Software Up To Date – Regularly update all systems and software to close any security gaps that attackers might use.
- Use Strong Passwords And Multi-factor Authentication (MFA) – Make sure everyone uses strong passwords and enable MFA for an extra layer of security.
- Backup Your Data Regularly – Store backups securely and make sure they’re not connected to your main network. This helps you recover quickly if an attack happens.
- Monitor Your Systems 24/7 – Use monitoring tools to keep an eye on your network at all times. This can help catch unusual activity before it turns into a bigger problem.
- Train Your Employees – Educate your staff on recognizing phishing emails and other common attack methods. Employees can be your first line of defense.
- Patch Vulnerabilities Quickly – Make sure to fix any security issues in your systems as soon as possible to avoid giving attackers an easy way in.
- Have A Response Plan – Set a plan for how your business will respond to a Ransomware attack. An endpoint detection and response using artificial intelligence (AI) and machine learning (ML) solution will detect and respond to threats on endpoints (like computers, servers, and mobile devices). They help security teams quickly respond to incidents, such as Ransomware attacks.
Taking these steps can better protect your business and reduce the chances of falling victim to a Ransomware attack.
FAQ
Do Most Ransomware Attacks Take Place During The Night Or Over The Weekend?
Yes, most Ransomware attacks often happen during the night or over weekends. Attackers choose these times because fewer people are working, making it easier for them to sneak in and cause damage without being noticed. This can delay your response and increase the impact of the attack.
Who Are The Targets Of Ransomware Attacks?
According to recent reports, Ransomware attacks often target industries like professional services, healthcare, the public sector, and consumer services because they handle sensitive data and may have weaker security. Businesses in these sectors are seen as high-value targets because attackers know that disruptions can lead to considerable payouts.
Do Ransomware Attacks Target Small Businesses?
Businesses are targets because attackers see them as a way to make money. They often aim for companies that may not have strong defenses. In fact, 60% of small to medium-sized businesses fail within six months of a cyberattack. The 2Secure team can help by providing Ransomware attack simulations and tailored defense strategies to protect your business.
Source.
- Petrosyan, A. (2023, August 31). Number of ransomware attempts per year 2022. Statista. https://www.statista.com/statistics/494947/ransomware-attempts-per-year-worldwide/
- Download | State of Ransomware 2024 – ThreatDown by Malwarebytes. (2024, August 5). ThreatDown by Malwarebytes. https://www.threatdown.com/dl-state-of-ransomware-2024/
