Ransomware Gangs Evolve Tactics to Outmaneuver Enterprise Defenses
Ransomware gangs are highly sophisticated due to the competitive nature of the cybercriminal ecosystem, which drives continuous innovation and adaptation. They have access to advanced tools and collaborate within global networks, allowing them to share knowledge and resources. The financial incentives from successful attacks further motivate them to stay ahead of cybersecurity defenses. They leverage legitimate software and “living off the land” techniques, making their activities harder to detect and enabling them to quickly shift tactics in response to evolving security measures.
Ransomware gangs are increasingly adapting their tactics to counter stronger enterprise defenses and heightened law enforcement pressure. According to Huntress’ 2025 Cyber Threat Report, threat actors employed remote access Trojans (RATs) in 75% of ransomware incidents observed in 2024. Additionally, 17.3% of these attacks exploited remote monitoring and management products like ConnectWise ScreenConnect, TeamViewer, and LogMeIn.
To bypass Endpoint Detection and Response (EDR) protections, many attackers are moving towards data theft and extortion tactics instead of traditional ransomware deployment. They increasingly utilize “living off the land” techniques, leveraging legitimate system administrator tools.
Huntress reports that ransomware gangs are now applying advanced tactics that were previously reserved for attacks on large organizations, such as tampering with or disabling cybersecurity products. The company notes, “The gap between sophistication in attacks on large enterprises and smaller businesses has narrowed — in fact, it’s all but disappeared.”
From monitoring over 3 million endpoints, Huntress found that infostealer malware appeared in 24% of attacks in 2024, while malicious scripts designed to automate attacks and evade detection were present in 22% of incidents. Greg Linares, principal threat intelligence analyst at Huntress, emphasized the competitive nature of the ransomware ecosystem, stating, “Now, more than ever, if malware families are not staying up to date with detections, they will get caught.”
The report also revealed that speed has become a critical factor for many ransomware gangs. The average time-to-ransom (TTR) — the duration from initial access to the delivery of the ransom note — was nearly 17 hours in 2024. Notably, certain gangs, including Play, Akira, and Dharma/Crysis, achieved an average TTR of approximately 6 hours, indicating their efficiency.
Huntress observed a significant shift in strategy among ransomware gangs, with many opting to exfiltrate sensitive data from victim organizations rather than encrypting it. This change is a direct response to stronger defenses and increased law enforcement actions against notorious gangs like LockBit.
Despite advancements in EDR and ransomware protection services, enterprises are facing challenges. The report points out that data loss prevention (DLP) services have not evolved at the same pace and are often only implemented in mature corporate environments. Linares stated, “While these defenses have thrived, data loss prevention services have hardly made any advances.”
As ransomware tactics continue to evolve, organizations must prioritize DLP measures and enhance their overall cybersecurity posture. With the growing trend of remote work and Bring Your Own Device (BYOD) policies, it is crucial for enterprises to implement comprehensive monitoring and control strategies to safeguard sensitive data from increasingly sophisticated ransomware threats.
To combat the evolving threat of ransomware, 2W Tech offers comprehensive cybersecurity solutions tailored to meet the unique needs of your organization. Our services include advanced Endpoint Detection and Response (EDR) systems that are designed to detect and neutralize threats quickly, as well as robust data loss prevention (DLP) strategies to protect sensitive information. We understand the challenges posed by remote work and BYOD policies, which is why we provide continuous monitoring and customized security measures to safeguard your network. By partnering with 2W Tech, you can strengthen your defenses against sophisticated ransomware tactics and ensure the security of your enterprise data. Give us a call today to get started.