Huntress has released its 2025 Cyber Threat Report, highlighting a major shift in cybercrime tactics over the past 12 months. As companies and governments adopt advanced enterprise defence tactics and increased law enforcement, the report outlines how ransomware gangs have adapted in response.
Ransomware in 2025
In years gone by, cybercriminals reserved their most sophisticated attacks for only the largest organisations they targeted. For smaller organisations, gangs mostly adopted more straightforward approaches by encrypting files and demanding payment to release them.
As SMBs have stepped up their defences, attackers have expanded their most advanced techniques for all businesses. Here’s a snapshot of the findings:
- Over 75% of remote access incidents in 2024 leveraged Remote Access Trojans (RATs), such as AsyncRAT and Jupyter, providing hackers with persistent control of compromised systems.
- Remote Monitoring and Management (RMM) tools are on the rise. Attackers are actors weaponising legitimate software like TeamViewer, LogMeIn, and ConnectWise ScreenConnect to infiltrate systems and gain long-term access.
- Living off the Land (LotL) techniques are becoming more prevalent, with attackers leveraging built-in administrator tools like Sysinternals Suite and LOLBins to evade detection.
- Data theft is replacing encryption-based attacks as gangs pivot towards extortion models that involve stealing data and holding it for ransom, rather than encrypting it in its original location.
Outdated defences
Impressive strides have been made in Endpoint Detection and Response (EDR) over recent years. The increased uptake of EDR solutions has led to a higher detection rate of suspicious malware.
However, the inadvertent impact of this improvement has been to force attackers into rolling out their most sophisticated hacking techniques across all target organisations. This creates a dilemma for companies, as highlighted in the Huntress report.
While EDR solutions have improved significantly, many organisations lack equally robust Data Loss Prevention (DLP) measures. This is particularly true in remote and hybrid work environments, which have become increasingly popular.
The discrepancy between strong EDR and weak DLP leaves a gap for cybercriminals to exploit.
Automated attacks
Despite their growing complexity, ransomware attacks are also getting faster. In 2024, the report found that the average Time-to-Ransom (TTR) was nearly 17 hours. However, some gangs achieved a TTR of just six hours. This accelerated execution leaves little time for organisations to detect an attack, let alone contain or respond to it, before critical damage occurs.
While cyber security firms have touted the rise of AI and automated software in enhancing their defence systems, the less-reported trend is that cybercriminals are also using these tools. Malicious scripts were used in 22% of attacks last year, a number that continues to rise.
Staying a step ahead
The technological arms race between hackers and cyber security firms remains a constant battle. Whatever steps you take to protect your business, nothing can guarantee total protection.
The only way to ensure that ransomware can’t hold your business hostage is to develop a robust cyber resilience strategy. In contrast to cyber security, cyber resilience goes beyond protection to limit downtime, recover quickly, and protect critical data.
Building resilience requires the following framework:
- Comprehensive data protection: Backing up your data is the first step. Making those backups immutable and easily recoverable prevents attackers from interfering with them.
- Zero trust security measures: If attackers do worm their way inside your systems, all is not lost. Enforcing strict access controls, multi-factor authentication, and continuous verification requests will limit attackers’ movements within the network.
- Incident response and recovery: When ransomware does strike, you need to have a response plan. Establishing clear response processes ahead of time will enable your business to restore operations efficiently.
Strengthen your cyber resilience
No cyber security provider can promise 100% protection from a ransomware attack. If hackers do gain access to your files, Redstor’s data backup and rapid recovery can keep disruption to a minimum:
- InstantData™ recovery: Access the files you need in seconds while a full recovery takes place in the background – no more waiting around.
- Immutable backups: Redstor ensures that hackers can’t alter, encrypt, or delete your backups – no matter how hard they try.
- Backup threat detection: We identify threats to your backups ahead of time to ensure you only have clean, recoverable data.
Peace of mind? Piece of cake. Get in touch today to learn how Redstor can protect your business.
