Skip to main content

Most ransomware attacks take place at night

(Image credit: Image Credit: WK1003Mike / Shutterstock )

According to a new report from FireEye, most cyberattacks occur outside of working hours - either on weekends or in the evening.

Analysing “dozens of ransomware incident response investigations” from 2017 to 2019, the firm found three quarters of all ransomware infections in the enterprise sector happen outside of traditional working hours.

According to FireEye, half occurred during the night and 27 percent over the weekend. This gives hackers the greatest opportunity to conduct attacks without detection.

Ransomware is among the most common forms of cyberattack today. Hackers are increasingly turning to "human-operated ransomware attacks" to dictate when network lockdown is triggered, which requires a period of time spent in the network undetected.

Hackers first infect a machine, map out the entire network and ensure they can access all devices. Then, ransomware is installed on devices manually before the lockdown is triggered - this incubation period is referred to as “dwell time”.

Findings suggest cybercriminals are careful to select a time when fewer IT staff are on duty - on weekends or in the evening.

FireEye says human-operated ransomware has risen 860 percent since 2017, targeting all sectors and geographies equally.