Global ransomware attack tendencies

As mentioned in our previous monthly SOCshare review, according to ENISA, ransomware attacks are one of the most common types of cyber incidents in Europe. In this month’s review we focus on the global trends of ransomware attacks around the world during working and non-working hours. Cybereason has been conducting a survey of cybersecurity experts from different organisations and countries for several consecutive years to find out the trends in ransomware attacks. In both years, the surveys showed that there were more attacks of this type during off-hours and with a higher impact. Sophos research also confirms this by showing that, in general, the end of the week is the most common time of a day for ransomware attacks.

CyberSOC team sees more critical incidents during the out-of-office hours

Unfortunately, global statistics on the differences between the amount of cyber incidents during working and non-working hours are hard to find, but we can share what our analysts in Lithuania see. The NRD Cyber Security CyberSOC team has highlighted the statistics of all recorded incidents during working and non-working hours (out-of-office hours and weekends). The available data shows that more than 60% of all automated reports are generated during working hours. However, if we narrow down the data to 24/7 clients, we see a different trend. Of all the critical incidents raised and later confirmed as genuine security incidents – only about 40% occur during working hours. Thus, as many as 60% of the highest criticality real security incidents occur on weekends, or after working hours.

Co-funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.