The FireEye Mandiant M-Trends Report for 2021 has been published.
Some interesting stuff regarding ransomware, including:
Proliferation of ransomware attacks in 2020 is largely behind another big drop in the median dwell time (the length of time that an attacker spends in the victim’s network). This fell from 56 days in 2019 to 24 days in 2020. In 2011 the median dwell time was well over a year. Ransomware gangs are motivated to achieve their goals as quickly as possible and then move on.
Development of the ‘multifaceted ransomware’ strategy. Apart from encrypting data and ransoming it, attackers are also:
* Stealing the data and threatening to publish it (data breach)
* Publishing data on ‘name and shame’ websites on the dark web
* Telling news and media organisations about the attack, and also notifying business partners and other third parties
* Harassing employees
* Conducting DDoS attacks on the victims website(s)
Ransomware attacks are best defended against by a ‘defence-in-depth’ strategy including security awareness training, email security and endpoint protection.