According to FireEye, the overwhelming majority of ransomware attacks (76%), targeted business networks, occurs when employees are not at the office.
The company 's report states that 49% happen during the night (on weekdays), while 27% over the weekend.
FireEye said this conclusion came from the analysis of dozens of ransomware attacks that took place in the period 2017-2019.
FireEye claims that most of these ransomware attacks is usually the result of a well thought out intrusion.
According to the company report, ransomware gangs are initially violating it network of a company and trying to steal credentials and spread out to as many workstations as possible. At the end, install ransomware on everyone systems and trigger the infection.
The company also reported that most ransomware runs three days after the initial violation, giving companies time to prevent the worst. It is sufficient to have the right tools to detect it immediately infringement.
Increase of human-operated ransomware attacks
In all these cases, the ransomware is triggered by the intruder command and not automatically, during the initial breach of the network. This tactic used to be old. Now, hackers choose to run the ransomware a little later.
Most gangs have complete control over the ransomware and decide very carefully when the time is right to encrypt the network.
Microsoft calls these types of attacks "human-operated ransomware attacks"
FireEye said that from 2017, these ransomware attacks increased by 860% and have affected all sectors in almost all countries.
"If companies are able to quickly identify and mitigate the original breach, they can avoid the significant damage and cost of a ransomware attack," FireEye said.