This gang’s attacks hit fast and hard, which leaves you less time to respond.
A highly successful and aggressive ransomware gang is getting even faster at encrypting networks as they look to extort ransom payments from as many victims as possible. Researchers at Mandiant examined ransomware attacks by a cyber-criminal group they refer to as FIN12 – responsible for one in five attacks investigated by the cybersecurity company – and found that there’s been a significant decrease in the amount of time between initially breaking into networks and their encryption with ransomware, most commonly Ryuk ransomware. According to data published in Mandiant’s M-Trends 2022 report, the average dwell time of FIN12 campaigns – the amount of time between criminal hackers gaining initial access to the network and triggering the ransomware attack – has dropped from five days to less than two days. SEE: Cloud security in 2022: A business guide to essential tools and best practices One of the reasons the life cycle of these attacks has been so heavily reduced is because FIN12 campaigns don’t focus on finding sensitive data and stealing it before triggering a ransomware attack. Searching for and stealing data has become a common tactic for many ransomware groups, who in addition to encrypting the data, threaten to publish it if a ransom isn’t paid.
