Talos IR ransomware engagements and the significance of timeliness in incident response blog.talosintelligence.com/talos-ir-…

As ransomware threat actors continuously decrease their dwell time — here defined as the duration between initial access and encryption — it is increasingly imperative to be mindful of timeliness in incident response engagements (Infosecurity Magazine, CyberScoop, Orca, ThreatDown). Early intervention and remediation can significantly mitigate or even wholly prevent repercussions of ransomware attacks, such as financial loss, reputational damage and legal repercussions, as exemplified by a comparison of two recent Talos IR engagements.

In both of these cases, the threat actors leveraged similar tools and tactics, techniques and procedures (TTPs), and the victim was alerted to suspicious activity prior to ransomware execution. Yet one engagement resulted in 0% network encryption, while the other victim experienced nearly 100% encryption.
