Attackers' Dwell Time Plummets as Ransomware Hits Continue May 20, 2021 Compliance May 4, 2021 Compliance Compliance euroinfosec) • May 3, 2021 Source: FireEye Mandiant "Dwell time," which refers to how long hackers hang out in an organization's network before being discovered, has historically been a key metric for expressing whether hack-attack victims are getting better at detecting intruders. The longer attackers can spend in an organization's network, the more chance they have to jump to systems, crack passwords, find and exfiltrate valuable data and maybe leave crypto-locking malware on systems. The good news is that the average dwell time continues to decline, according to FireEye's Mandiant incident response group. The bad news is that it declined, in part, due to ransomware attackers often quickly revealing themselves when corporate networks become crypto-locked and inaccessible.