How Long Does It Take Ransomware to Encrypt Your Files?

August 22, 2016 Arctic Wolf Networks

Ransomware attack on a computer. Hand typing with exclamation point above it.

Ransomware is slowly but surely becoming a household name.

In 2016, some of the most notable cyberattacks involved ransomware, starting with a sequence of hospitals, moving on to schools and financial institutions, and eventually even afflicting utilities (in May of 2016, a Michigan utility company was forced to shut down several of its systems and services after it was hit with encryption malware).

As such, most people already know how encryption malware works.

But are they aware of how fast it works?

Social engineering: The Ransomware infection starting line

Once ransomware is coded, the makers of the software will sell it to hackers on the dark web. These cybercriminals then attempt to infect users through any number of social engineering schemes—but mostly through phishing tactics.

A notable example of this is PETYA, which spread to businesses through emails purportedly sent from fake job applicants.

Upon executing the files in the shared Dropbox link, or in some cases running the attached “CV or resume,” the ransomware overwrote the master boot record, causing a system crash. Upon the automatic restart, it encrypted the MBR completely, making it impossible for the operating system to locate any of the information it needed to function properly.

Most other notable ransomware strains operate through similar tactics. Locky will disguise itself as a Word Document. Cerber will hide in a macro. The moment you run that document or enable the embedded macro, the program begins to run.

From here, there’s very little time before your files start becoming inaccessible.

How Long Does it Take Ransomware to Encrypt Your Files?

Brace yourself. 

According to the findings of our Ransomware Infection white paper, the average time it takes for ransomware to begin encrypting your files after execution is only three seconds.

In other words, once you run that malicious macro or download that shady PDF, your files will begin to encrypt before you can even make it to the IT helpdesk. 

The research, produced by Arctic Wolf Networks, is based on real-world cases the managed detection and response firm has witnessed firsthand. The white paper explains how the three-second mark was arrived at, what destructive events happen in those three seconds, and most importantly, will provide guidance on how businesses can use this knowledge to their advantage.

Remember, the best way to beat a cyberthreat is to know as much about it as possible.

For more info, check out our white paper, Ransomware Infection to Encryption: 3 seconds.

Previous Article
Selecting a SOC That’s Sensible for Your Organization

There's no such thing as a one-size-fits-all security operation center. 

Next Article
What You Need to Know About Data Breaches in the Financial Sector

You can't prevent an intrusion, but you might be able to catch it before it before it results in permanent ...


Want cybersecurity updates delivered to your inbox?

First Name
Last Name
Thanks for subscribing!
Error - something went wrong!