Halcyon Threat Insights 005: May 2024 Ransomware Report
ID: 34a5e53b-584d-5421-8471-914e952b1e69
STIX ID: report--34a5e53b-584d-5421-8471-914e952b1e69
Feed Name: Halcyon Blog
Halcyon’s May 2024 intelligence brief describes an active and evolving ransomware landscape: Information Technology, Education, and Finance were the most targeted sectors, while a range of trojans (dropper/infostealer families) frequently serve as precursors to ransomware deployment. The report profiles multiple active ransomware families (Phobos, LockBit, BlackBasta, Akira, BlackSuit); highlights common vectors and TTPs such as compromised RDP, exploitation of ESXi and Citrix, use of Cobalt Strike/SmokeLoader, RaaS models, and double extortion tactics; and spotlights the INC Ransom group’s behaviors and tooling.
