DEV Community

Security Cyber

Ransomware Operators Keep Business Hours. The Data Proves It

Ransomware operators are at it again -- and this time the tactics have shifted. 16,699 ransomware leak posts over 2 years show that 84% drop Monday–Friday, with a peak in European afternoon hours. October spikes yearly.

The Details

Here is what we know: someone analyzed 16,699 ransomware leak-site posts across 200 groups over two years and asked the question most threat intelligence reports dance around: when does this actually happen? The answer is mundane and useful. Ransomware runs on a workweek, peaks during European office hours, spikes every October, and the operator population is growing fast. Nobody who defends networks for a living should still be planning around the hooded-hacker-at-3am image.

The day-of-week breakdown is unambiguous. Monday absorbed 3,080 posts across the 24-month window. Tuesday came in at 3,073. Sunday posted 1,189.

And perhaps most importantly: “The mythology around ransomware involves anonymous hooded figures hammering keys at 3am. The data says the opposite.” reads the report published by Ransomnews Research Team. “The operators who post leak-site listings are running this as a business with a working week. Sunday is the slowest day in the corpus, with only 1,189 posts across all 200 groups over 24 months, less than 40% of Monday’s volume.”
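The same weekday and hour-of-day bucketing can be run over any timestamp feed a defender holds, such as leak-site post times or internal incident tickets. The sketch below is an added example, not code from the report or the original post; the fixed UTC+1 offset, the `profile` function and the sample timestamps are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: a fixed UTC+1 offset stands in for "European office hours";
# the page names no zone, and DST is ignored here.
LOCAL_TZ = timezone(timedelta(hours=1))
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Constructed sample of leak-site post times (ISO 8601, UTC). Not real data.
SAMPLE_POSTS = [
    "2024-10-07T13:05:00Z", "2024-10-07T14:40:00Z", "2024-10-08T13:20:00Z",
    "2024-10-09T09:10:00Z", "2024-10-10T13:55:00Z", "2024-10-11T15:30:00Z",
    "2024-10-12T20:15:00Z", "2024-10-13T11:00:00Z",
    "2024-10-06T23:30:00Z",       # Sunday in UTC, already Monday at UTC+1
    "2024-09-30T13:45:00+00:00",
    "not-a-timestamp",            # malformed rows are counted, not guessed at
]


def profile(timestamps, tz=LOCAL_TZ):
    """Bucket post times by local weekday, hour and month."""
    by_day, by_hour, by_month, skipped = Counter(), Counter(), Counter(), 0
    for raw in timestamps:
        try:
            ts = datetime.fromisoformat(raw.strip().replace("Z", "+00:00"))
        except ValueError:
            skipped += 1
            continue
        if ts.tzinfo is None:             # treat naive values as UTC
            ts = ts.replace(tzinfo=timezone.utc)
        local = ts.astimezone(tz)
        by_day[DAYS[local.weekday()]] += 1
        by_hour[local.hour] += 1
        by_month[local.strftime("%Y-%m")] += 1
    total = sum(by_day.values())
    weekdays = sum(by_day[d] for d in DAYS[:5])
    return {
        "total": total,
        "skipped": skipped,
        "by_day": dict(by_day),
        "weekday_share": weekdays / total if total else 0.0,
        "sun_to_mon": by_day["Sun"] / by_day["Mon"] if by_day["Mon"] else None,
        "peak_hour": by_hour.most_common(1)[0][0] if by_hour else None,
        "by_month": dict(by_month),
    }


if __name__ == "__main__":
    for key, value in profile(SAMPLE_POSTS).items():
        print(f"{key}: {value}")
```

The zone used for bucketing changes the answer at day boundaries: the 23:30 UTC Sunday post counts as Monday at UTC+1, so fix the reference zone before comparing weekday shares between data sets.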

Why This Should Be On Your Radar

This matters because security is not a single-event problem -- it is a continuous process. Each new threat adds to the collective knowledge defenders need to stay ahead. Ignoring it does not make it go away.

What To Do

  1. Check whether your environment uses any of the affected components.
  2. Brief your team or update your threat model accordingly.
  3. Share this with your network -- the more defenders who know, the harder it is for attackers.

Full story: https://securityaffairs.com/192969/uncategorized/ransomware-operators-keep-business-hours-the-data-proves-it.html

What is your take? Are you affected? Drop your thoughts below.



Recommended resources to go deeper: https://www.hackthebox.com for hands-on practice, https://portswigger.net/web-security for free web security labs, and https://academy.tcm-sec.com for structured courses.

Originally published at https://securitycyber.uk
