Ransomware Tool Matrix Project Updates: May 2025

This May 2025 update to the Ransomware Tool Matrix and Ransomware Vulnerability Matrix reviews active ransomware groups, newly observed and commonly used tools (EDR evasion, discovery, exfiltration, RMM/LOLBAS), and exploited vulnerabilities (including FortiOS/FortiProxy, Windows CLFS, Veeam, Confluence and others). The report highlights ecosystem instability following major operations and exit scams, documents specific tools and CVEs tied to groups, and recommends defenders prioritize threat hunting, detection rule development, and blocking of unauthorized tools.