Why? Well, partly because we have an unlimited Splunk license, but also because we couldn’t find the answer to the question: “How long do you have until ransomware encrypts your systems?” This seems like knowledge that organizations could use to organize their defenses. If organizations have more than 20 hours before ransomware finishes encrypting, they might choose to focus on detecting and mitigating ransomware after infection. If ransomware encrypts an entire system in 52 seconds, organizations should probably respond earlier in the ransomware lifecycle.

In our initial hypothesis, we asserted that if ransomware executes on a system, then it’s too late for an organization to respond effectively. We conducted a literature review of ransomware encryption speed and only uncovered work that was encyclopedic in scope from one of the ransomware groups themselves.

Gone in 52 Seconds … and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed