FireEye cyber security experts: Cybercrime executes ransomware three days after an organization's network is infiltrated, and does so after working hours and on weekends. Infection vectors: RDP, phishing with a link or attachment, and drive-by download
In 75% of cases, ransomware is deployed three days after an organization's network is infiltrated. This was discovered by FireEye cyber security experts, who examined dozens of malware incident response investigations from 2017 to 2019. Moreover, 76% of the ransomware executions in victim environments took place after hours: on a weekend, or before 8:00 a.m. or after 6:00 p.m. on a weekday, using the time zone and customary work week of the victim organization. Several initial infection vectors were observed across multiple ransomware incidents, including RDP, phishing with a malicious link or attachment, and drive-by download of malware facilitating follow-on activity. RDP was found more frequently in 2017 and declined in 2018 and 2019. Furthermore, these vectors demonstrate that ransomware can enter victim environments by a variety of means, not all of which require user interaction.
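
The after-hours definition above (a weekend, or before 8:00 a.m. or after 6:00 p.m. on a weekday in the victim's time zone) can be applied directly to log timestamps when reviewing remote logons. The following is an added example, not FireEye's code; the log format, host and user names, the `rdp_logon` event label and the UTC-5 offset are constructed assumptions.

```python
from datetime import datetime, time, timedelta, timezone

WORK_START = time(8, 0)     # page: "before 8:00 a.m."
WORK_END = time(18, 0)      # page: "after 6:00 p.m."
WORKDAYS = {0, 1, 2, 3, 4}  # assumption: Monday-Friday work week

def is_after_hours(ts_utc, local_tz, workdays=WORKDAYS):
    """True if a UTC timestamp is on a weekend or outside 08:00-18:00 local time."""
    local = ts_utc.astimezone(local_tz)  # judge by the organization's clock, not UTC
    if local.weekday() not in workdays:
        return True
    return not (WORK_START <= local.time() <= WORK_END)

def flag_after_hours(lines, local_tz, event="rdp_logon"):
    """Return the log lines of the given event type that occurred after hours."""
    flagged = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3 or fields[2] != event:
            continue  # malformed line or a different event type
        try:
            ts = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # unparseable timestamp
        if is_after_hours(ts.replace(tzinfo=timezone.utc), local_tz):
            flagged.append(line)
    return flagged

# Constructed sample data. A fixed offset is used so the example runs anywhere;
# pass zoneinfo.ZoneInfo("<IANA zone>") instead to follow daylight saving time.
VICTIM_TZ = timezone(timedelta(hours=-5))
SAMPLE_LOG = [
    "2019-03-08T15:30:00Z srv-01 rdp_logon user=alice",         # Fri 10:30 local
    "2019-03-09T01:15:00Z srv-01 rdp_logon user=svc_backup",    # Fri 20:15 local
    "2019-03-09T02:00:00Z srv-01 service_start name=updater",   # not a logon
    "2019-03-09T16:00:00Z srv-02 rdp_logon user=svc_backup",    # Sat 11:00 local
    "2019-03-11T12:30:00Z srv-02 rdp_logon user=bob",           # Mon 07:30 local
    "2019-03-11T23:00:00Z srv-01 rdp_logon user=alice",         # Mon 18:00 local
]

if __name__ == "__main__":
    for hit in flag_after_hours(SAMPLE_LOG, VICTIM_TZ):
        print(hit)
```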