Business Continuity Management / Disaster Recovery , Cybercrime , Cybercrime as-a-service

Maximizing Opportunities to Stop Ransomware Attacks

Chet Wisniewski of Sophos on Latest Research Findings
Chet Wisniewski, principal research scientist, Sophos

See Also: Ransomware Response Essential: Fixing Initial Access Vector

The median dwell time that hackers are spending in victims' networks - from the time a compromise, such as a phishing incident or a vulnerability exploit, begins to the time ransomware encryption is triggered - has grown from 11 to 15 days. That means organizations now have a little more precious time to stop an attack "before the worst happens," says Chet Wisniewski, principal research scientist at Sophos.

"There are multiple opportunities along the time line where you're going to notice different malicious activities," he says, discussing key findings from recent Sophos research, including its new report, The Active Adversary Playbook 2022.

"You might notice 400 GBytes being uploaded … and say 'whoa.' And if you detected that, you have 72 hours before the attackers trigger the ransomware," he says.

In a video interview with Information Security Media Group at RSA Conference 2022, Wisniewski also discusses:

  • The latest ransomware trends;
  • Critical steps in taking a layered security approach;
  • Other key findings from Sophos' recent study.

Wisniewski, who has more than 20 years of professional experience, analyzes massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry's understanding of evolving threats, attacker behaviors and effective security defenses.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.