Ransomware threat actors are streamlining their processes and reducing the time from initial infection to the complete encryption of devices. In the past, it could take days from initial access to the complete encryption of devices on a network. The threat actors behind Quantum ransomware have been able to complete their attacks in under four hours from the initial infection. Because the window to interrupt these incidents is narrowing, it is all the more crucial to prevent these threat actors from gaining an initial foothold on the network in the first place.

The most common way to gain initial access is through phishing campaigns, so it is important to train users to spot and report phishing emails, and to never enable Office document macros unless they are absolutely certain there is a business need. Beyond this, use Multi-Factor Authentication (MFA) on all forms of remote access, such as RDP and VPN, and have good endpoint monitoring with an EDR solution and either an internal SOC or a service like Binary Defense to triage the alerts. Having multiple backups and an incident response plan is also important, but in recent years ransomware threat actors have been exfiltrating proprietary data and using it to extort victims even when the victims are able to restore from backups.