Ransomware Evolution: Encryptionless Extortion and EDR Bypass Tactics Rise

Ransomware Evolution: Encryptionless Extortion and EDR Bypass Tactics Rise

First seen 13 May 2026, 13:56 UTC TechnaduGbhackers 75% similarity 60.5

Article Content

Browse articles
ThreatCluster

Kaspersky's 2026 report indicates a decline in ransomware incidents, yet the threat remains significant. Attackers are increasingly using EDR killers and BYOVD techniques to bypass security measures. The PE32 ransomware family employs post-quantum cryptography, specifically the ML-KEM standard, to secure its operations. With global ransom payments dropping to 28% in 2025, groups like ShinyHunters are shifting to encryptionless extortion, focusing on data theft and public leaks. The industrialization of ransomware attacks is supported by initial access brokers exploiting RDP and VPN vulnerabilities. Qilin emerged as the most active ransomware group, alongside Cl0p and Akira. Law enforcement has responded with takedowns of major dark web platforms, including RAMP and LeakBase, to disrupt these operations. The overall landscape shows a shift towards more sophisticated and varied attack methodologies.

Key Points: • Ransomware incidents decreased globally, but threats remain sophisticated and entrenched. • Attackers are increasingly using EDR killers and BYOVD techniques to disable security tools. • ShinyHunters and other groups are moving towards encryptionless extortion, focusing on data theft.

ThreatCluster AI

Timeline

2025-01-01
Global ransom payment rates drop to 28%
According to Chainalysis, the rate of ransom payments has significantly decreased, prompting a shift in tactics among ransomware groups.
Technadu
2025-12-01
Kaspersky releases 'State of Ransomware in 2026' report
The report highlights evolving ransomware tactics, including the use of post-quantum cryptography and EDR bypass techniques.
Technadu
2026-05-12
Ransomware gangs increasingly use BYOVD and EDR killers
Ransomware tactics are evolving, with attackers dismantling security tools and preparing for a post-quantum future.
Gbhackers

Community

Browse all →