Halcyon Threat Insights 011: December 2024 Ransomware Report

Halcyon’s November 2024 intelligence brief summarizes ransomware activity and mitigations observed across customer environments: sector targeting (IT, Finance, Education), a catalog of detected hack tools and trojans that serve as ransomware precursors, several ransomware payload families blocked, and a spotlight on the INC Ransom group including their TTPs (RDP credential abuse, Citrix NetScaler exploitation CVE-2023-3519, LOTL tools, and double extortion).