Halcyon Threat Insights 016: May 2025 Ransomware Report

Halcyon RISE's April 2025 intelligence summarizes widespread ransomware-related activity: targeted verticals (hospitals, manufacturing, finance), numerous hacktools and trojans detected as ransomware precursors (e.g., XMRig, JuicyPotato, NirSoft tools, Dnoper), multiple ransomware families and payloads blocked (Medusa/IMPS, BianLian, Lynx, Rhysida, RansomHub/Splinter), and a spotlight on Fog ransomware tactics including credential-based access, disabling backups/defenses, and double-extortion behavior.