Ransomware attacks need less than four days to encrypt systems
Bleeping Computer – Bill Toulas
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. By comparison, ransomware actors spent an average of 230 hours to complete their attacks in 2020 and 1637.6 hours in 2019.
The data was collected by researchers at IBM’s X-Force team from incidents analyzed in 2021. They also noticed a closer collaboration between initial access brokers and ransomware operators.
Previously, network access brokers might wait for multiple days or even weeks before they found a buyer for their network access.
In addition, some ransomware gangs now have direct control over the initial infection vector, an example being Conti taking over the TrickBot malware operation.
In terms of the tools and methods that ransomware actors use, Cobalt Strike is common for interactive sessions, RDP for lateral movement, and Mimikatz and LSASS dumps for credentials, while SMB + WMIC and PsExec are typically used for deploying payloads on the network hosts.
In terms of alerts generated by security tools, IBM X-Force data shows that 42% of attacked organizations were warned in a timely manner in 2019. Last year, alerts were delivered in 64% of network intrusion cases.
Link: https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/