Team Cymru, a company that studies threats, says that the ransomware toolkit includes tools for reconnaissance, network mapping, stealing credentials, and exfiltration, as well as ways to stay in the system and move laterally through the local environment. Will Thomas, a senior threat intelligence adviser for Team Cymru, says that many of the tools, like AnyDesk for remote management and Mega for downloads, can be used for both good and bad purposes.

Many ransomware groups rely heavily on these tools, and Thomas says that a lot of ransomware groups use the same tools that other ransomware groups do.

"For a lot of businesses, defending against these attacks isn't as hard as it seems. As long as you have the right protections in place to stop these tools from running on your systems, they won't be able to get to you."

Ransomware is still a big problem, but companies are slowly learning how to deal with it.

Sophos' "The State of Ransomware 2025" report says that only half of attacks in 2025 led to encryption. This is the lowest number in six years, down from a high of 70% in 2024. Companies should also keep track of approved applications by using allow-listing.

Thomas says, "If you have EDR tools on agents running on your systems, it's very easy to see the commands and processes that are run to trigger these." "Most EDRs will be able to just block [a dual-use tool] by default because it's such a high-risk process, or it's too high-risk to do without permission." Thomas says that being able to find the servers of attackers, especially when those servers have the ransomware payload files, is a big win.
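The allow-listing advice and the EDR process visibility described above can be combined into one check, shown here as an added example that is not from the article or from Team Cymru. The executable names, install path, host names and events are constructed assumptions.

```python
import ntpath

# Hypothetical allow-list: approved executable -> approved install directory and hosts.
ALLOW_LIST = {
    "anydesk.exe": {"dir": r"c:\program files (x86)\anydesk", "hosts": {"HELPDESK-01"}},
}
# Dual-use tools named in the article (AnyDesk, Mega); file names are assumptions.
DUAL_USE = {"anydesk.exe", "megasync.exe"}

# Constructed process-creation events, shaped like what an EDR agent might report.
EVENTS = [
    {"host": "HELPDESK-01", "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"},
    {"host": "FIN-WS-07", "image": r"C:\Users\Public\AnyDesk.exe"},
    {"host": "FIN-WS-07", "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"},
    {"host": "FILESRV-02", "image": r"C:\ProgramData\MEGAsync.exe"},
    {"host": "FIN-WS-07", "image": r"C:\Windows\System32\notepad.exe"},
]

def evaluate(event):
    """Return (verdict, reason) for one process-creation event."""
    image = event["image"].lower()          # Windows paths are case-insensitive
    name = ntpath.basename(image)
    directory = ntpath.dirname(image)
    if name not in DUAL_USE:
        return "ignore", "not a tracked dual-use tool"
    entry = ALLOW_LIST.get(name)
    if entry is None:
        return "block", "dual-use tool not on the allow-list"
    if directory != entry["dir"]:
        # Same file name from a different directory: a renamed or portable copy.
        return "block", "approved tool running from an unapproved path"
    if event["host"] not in entry["hosts"]:
        return "alert", "approved tool on a host where it is not approved"
    return "allow", "approved tool, path and host"

def triage(events):
    """Evaluate every event; returns (host, executable, verdict, reason) tuples."""
    return [(e["host"], ntpath.basename(e["image"]), *evaluate(e)) for e in events]

if __name__ == "__main__":
    for host, exe, verdict, reason in triage(EVENTS):
        print(f"{verdict:6} {host:12} {exe:14} {reason}")
```

Matching on the full path and host rather than the file name alone is what separates the help desk's approved AnyDesk install from a copy dropped elsewhere.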

Threat researchers have a hard time linking specific attacks to specific groups because the groups are using many of the same tools.