Researchers reviewed more than two years’ worth of ransomware attack data to see what trends they could spot. In a majority of incidents, attackers waited at least three days after breaking into a network to identify key systems to target with their ransomware. Such post-compromise ransomware deployment is growing in popularity because it is often more damaging for victims and more profitable for attackers than other models, FireEye’s study says. Drive-by-downloads, weak and unprotected Remote Desktop Protocol services, and phishing with a malicious link or attachment were the most common initial infection vectors in the ransomware attacks.”]