During a ransomware attack, there is a short window of opportunity for SecOps teams to limit damage. This window falls between the point of initial access and the encryption of data, while threat actors are still consolidating their access prior to achieving their ultimate objective.
The median time between initial access and ransomware detonation is only 4.5 days, based on intrusions investigated by Secureworks incident responders. Often it can be as short as a few hours.
THE WINDOW OF OPPORTUNITY FOR STOPPING A RANSOMWARE ATTACK
Isolate the network
Investigate Indicator(s) of Compromise
Isolate impacted host(s)
Restrict domain admin access
Reset compromised credentials
Determine scope of threat actor activity
Receive alert of potential threat actor activity from Secureworks Taegis
Can you oust a threat actor before they deploy ransomware in your system? View your SecOps window of opportunity and find out.
During any network intrusion, there is a window of opportunity for defenders. This window falls between the point of initial access and the encryption of data, when the threat actors are consolidating their access prior to achieving their ultimate objective.
The median time between initial access and ransomware detonation in intrusions investigated by Secureworks incident responders is 4.5 days.
The Window of Opportunity for Network Defenders
The mean dwell time in 2021 was 22 days, but so far in 2022 it is down to 11 days, reflecting fewer 'outliers' than in 2021, i.e. intrusions where threat actors spent weeks or months in an environment before deploying their ransomware.