Based on analysis of over 600 publicly reported ransomware events, RiskRecon has discovered that criminals are detonating ransomware at targeted organizations seven days a week, leaving no time for enterprises to shore up their security operations.

RiskRecon researchers identified 654 ransomware events that were publicly reported between April 2017 and December 2021. The date the ransomware was activated to encrypt systems was disclosed in 473 of the 654 events. Friday had the highest share, at 19% of all disclosed ransomware detonation events. Wednesday was the second most common day ransomware was detonated, having 17%, followed by Sunday with a 15% share.

Ransomware Events by Day of the Week

“Criminals aren’t taking the weekends off. They are targeting organizations 24 hours a day, seven days a week,” said RiskRecon’s co-founder, Kelly White. “This continuous threat pressure necessitates that organizations operate their security monitoring and response operations at full capability at all times. Delays in responding to ransomware directly translate to increased business downtime. Going undetected and unchecked also gives criminals time to expand the ransomware blast radius.”

The reality of the never-resting ransomware threat has implications for supply chain management as well. Organizations will be wise to know who their critical suppliers are and ensure that their ransomware defenses are operating on par. “It is no longer enough to be concerned only about your own defenses,” explained White. “Organizations are critically dependent on the availability of their vendors and partners. ransomware takes out an essential partner, it can take down your enterprise.”