Can You See Ransomware Coming? Run This Vision Check.
Symantec, Thursday, July 24th, 2025
In Q1 of 2025, ransomware attacks surged 46% (oof), while median dwell time in ransomware cases came in at five days in 2024. With many strikes happening after hours, defenders find themselves with less time to respond before APTs wreak serious havoc.
As the window shrinks, pressure rises across every industry. Whether you're an enterprise or an SMB, ransomware doesn't discriminate-likely its only virtue, and a misfortunate one. And much like its diverse targets, their tactics are getting more complex and harder to detect.
Just last month, our elite team of Symantec and Carbon Black Threat Hunters uncovered Fog ransomware using an unusual toolset, potentially hinting at targeted espionage with cash extortion as their side hustle (as if spying wasn't bad enough). These obscure combos and unexpected behaviors point to uniquely chained, sophisticated tactics, techniques and procedures (TTPs) becoming the new norm.