New Ransomware Risks for Remote Access Tools
October 15, 2025

Tushar Subhra Dutta of Cyber Security News writes that ransomware operators have shifted from opportunistic malware distribution to highly targeted campaigns that exploit legitimate remote access tools for purposes of stealth and persistence.
In early 2025, several ransomware gangs began abusing popular remote access tools, such as AnyDesk and Splashtop, to establish footholds within enterprise networks.
Crucially, the attackers can maintain persistent control using ordinary remote administration software that is in wide use. No executables are left on disks. Virus scanning is virtually nullified by the use of trusted methods enshrined in company protocol.
By hijacking or silently installing these utilities, adversaries bypass security controls that traditionally trust signed installers. This enables initial access without tripping conventional detection mechanisms.
Affected organizations quickly discovered anomalous remote sessions connecting from unexpected geographic locations.
Analysts found that the attackers leveraged credential stuffing and phishing to obtain privileged accounts, then deployed remote access tools to move laterally.
Cyber Security News advises defenders to implement strict application whitelisting, enforce multi-factor authentication, and monitor command-line arguments associated with common remote access tools. This will facilitate detection and disruption of the novel tactics before encryption can occur.
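One way to apply the command-line monitoring and allowlisting advice above, shown as an added example that is not from Cyber Security News or the original article: it reviews constructed process-creation events for AnyDesk and Splashtop binaries that run outside approved directories or carry unattended-setup options. The AnyDesk options are vendor-documented; the event fields, the name matching and the directory allowlist are assumptions.

```python
import re

# Tools named in the article; matching on the image path is an assumption.
TOOL_RE = re.compile(r"anydesk|splashtop", re.I)

# Constructed allowlist of directories where IT installs these tools.
APPROVED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# AnyDesk command-line options tied to unattended setup (vendor-documented;
# confirm against the version you deploy).
RISKY_FLAGS = {
    "--silent": "silent install",
    "--start-with-win": "autostart at boot",
    "--set-password": "unattended-access password set",
}

def assess(event):
    """Return the reasons a process-creation event deserves review."""
    image = event["image"].lower()
    if not TOOL_RE.search(image):
        return []
    findings = []
    if not image.startswith(APPROVED_DIRS):
        findings.append("runs outside approved directory")
    tokens = event["cmdline"].lower().split()
    findings += [why for flag, why in RISKY_FLAGS.items() if flag in tokens]
    return findings

def scan(events):
    """Return (host, image, findings) for every event with findings."""
    return [(e["host"], e["image"], f) for e in events if (f := assess(e))]

# Constructed sample events, shaped like process-creation log fields.
SAMPLE_EVENTS = [
    {"host": "WS-007", "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
     "cmdline": r'"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control'},
    {"host": "WS-114", "image": r"C:\Users\jdoe\AppData\Local\Temp\AnyDesk.exe",
     "cmdline": r"AnyDesk.exe --install C:\ProgramData\AnyDesk --start-with-win --silent"},
    {"host": "SRV-02", "image": r"C:\ProgramData\AnyDesk\AnyDesk.exe",
     "cmdline": r"C:\ProgramData\AnyDesk\AnyDesk.exe --set-password"},
    {"host": "WS-007", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for host, image, findings in scan(SAMPLE_EVENTS):
        print(f"{host}: {image}: {', '.join(findings)}")
```

A sanctioned deployment script may also use these options, so findings are best triaged against change records rather than treated as confirmed intrusion.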
Understanding each stage of the ransomware strategy is crucial for facilitating early pattern recognition and building layered defenses. Phase analysis yields a deeper understanding of the attackers’ behavior.
Legal teams should warn clients that attackers use existing administrative frameworks to blend malicious activity into everyday IT operations, rendering their actions practically invisible to legacy endpoint protections.
Continuing to rely solely on defenses that detect custom malware binaries will virtually assure future litigation over inadequate cybersecurity.