Ransomware Operators Exhibit Predictable Business Hours

An analysis of 16,699 ransomware leak posts over two years reveals that ransomware operators tend to operate during specific business hours, with an 84% drop in activity from Monday to Friday. The data shows peak activity during European afternoon hours and notable spikes in October each year. This trend suggests a level of organization and predictability in ransomware operations, which could be leveraged for defensive strategies. The analysis covers 200 groups and provides insights into the timing of ransomware attacks, offering valuable information for cybersecurity professionals. Understanding these patterns can help organizations better prepare and respond to potential ransomware threats.

Key Points: • Ransomware activity drops 84% during weekdays, peaking in European afternoons. • The study analyzed 16,699 posts from 200 ransomware groups over two years. • October sees consistent spikes in ransomware activity annually.