Halcyon Threat Insights 012: January 2025 Ransomware Report
ID: 24fdecf8-f954-5123-a26e-60f6edb51e5f
STIX ID: report--24fdecf8-f954-5123-a26e-60f6edb51e5f
Feed Name: Halcyon Blog
Halcyon’s December 2024 threat report summarizes prevented ransomware incidents and precursors across customer environments, noting IT, Education, and Finance as the most targeted sectors. The report catalogs detected hack tools (EDR disablers, credential stealers, network scanners, BloodHound components), trojans used as loaders/backdoors/rootkits, and multiple ransomware payloads blocked (e.g., LockBit/Fragtor, Phobos, BlackMatter variants, Akira, INC). It includes a focused profile of the Lynx RaaS—its growth, technical details (Windows-focused C++ binary, AES-128 CTR + Curve25519, shadow copy deletion, process termination, network share encryption), extortion tactics (single and double extortion), and industry targeting—alongside links to recent ransomware news and analysis.
