Evolving Ransomware Tactics
Ransomware gangs are adapting to stronger enterprise defenses by shifting their tactics. In 2024, 75% of ransomware incidents involved remote access Trojans (RATs), while 17.3% of attacks exploited remote monitoring and management (RMM) tools like ConnectWise ScreenConnect and TeamViewer. To evade endpoint detection and response (EDR) protections, attackers increasingly steal sensitive data and extort victims over it instead of encrypting it, relying on “living off the land” techniques that abuse legitimate administrative tools.
This shift has narrowed the gap between attacks on large enterprises and smaller businesses, with sophisticated tactics now deployed across both. The average time-to-ransom (TTR) in 2024 was nearly 17 hours, but some groups, including Play and Akira, reduced it to 6 hours. The decline of major gangs like LockBit has driven attackers to focus more on data theft, exploiting the fact that many organizations lack effective data loss prevention (DLP) measures—particularly in work-from-home and BYOD environments.
As ransomware gangs prioritize speed and stealth, businesses must strengthen their defenses beyond EDR by improving data protection and monitoring. Without stronger DLP strategies, organizations remain vulnerable to data breaches, extortion, and reputational harm.
Wright, Rob. 2025. “Ransomware Gangs Shifting Tactics to Evade Enterprise Defenses.” Cybersecurity Dive. Feb. 12.
READ: https://bit.ly/3EDuSmU