Full Report
In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online.
Analysis Summary
# Ransomware Trends in 2024 (Based on Talos Year in Review)
## Key Points
- Ransomware actors overwhelmingly leveraged **valid accounts for initial access**, appearing in almost 70% of related cases observed in 2024.
- Ransomware actors exploited **public-facing applications** nearly 20% of the time for initial access.
- The Known Exploited Vulnerabilities Catalog for 2024 listed **28 out of 186 vulnerabilities** as being "Known to be used in Ransomware Campaigns."
- Vulnerabilities used in ransomware campaigns spanned CVE IDs from **2012 to 2024** (excluding 2015).
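The three catalog figures above come from filtering CISA's KEV feed on its `dateAdded` and `knownRansomwareCampaignUse` fields. The following added example (not code from Talos or CISA) reproduces that filtering over a constructed, KEV-shaped JSON sample with placeholder CVE IDs, so a defender can point it at the real feed to get the current year's numbers and the span of CVE years involved.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed (field names follow the
# feed; the CVE IDs are placeholders, not real vulnerabilities).
SAMPLE_KEV_JSON = """{"vulnerabilities": [
 {"cveID": "CVE-2012-EXAMPLE-A", "dateAdded": "2024-01-10", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-2019-EXAMPLE-B", "dateAdded": "2024-03-05", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-2024-EXAMPLE-C", "dateAdded": "2024-07-22", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-2023-EXAMPLE-D", "dateAdded": "2024-02-14", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2024-EXAMPLE-E", "dateAdded": "2024-11-30", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2015-EXAMPLE-F", "dateAdded": "2023-09-01", "knownRansomwareCampaignUse": "Known"}
]}"""


def load_kev(text):
    """Return the list of catalog entries from KEV-shaped JSON."""
    return json.loads(text)["vulnerabilities"]


def added_in_year(entries, year):
    """Entries whose dateAdded falls in the given calendar year."""
    return [e for e in entries if date.fromisoformat(e["dateAdded"]).year == year]


def ransomware_known(entries):
    """Entries CISA flags as known to be used in ransomware campaigns."""
    return [e for e in entries if e.get("knownRansomwareCampaignUse") == "Known"]


def cve_year(cve_id):
    """Year component of an ID of the form CVE-YYYY-NNNN."""
    return int(cve_id.split("-")[1])


def summarize(text, year=2024):
    """Reproduce the report's figures: entries added in the year, how many are
    ransomware-flagged, and the span (with gaps) of CVE years among those."""
    entries = added_in_year(load_kev(text), year)
    flagged = ransomware_known(entries)
    years = sorted({cve_year(e["cveID"]) for e in flagged})
    gaps = [y for y in range(years[0], years[-1] + 1) if y not in years] if years else []
    return {"added": len(entries), "ransomware_known": len(flagged),
            "cve_years": years, "gaps": gaps}


if __name__ == "__main__":
    print(summarize(SAMPLE_KEV_JSON))
```

Against the live feed, the `Known` subset is the patch list to prioritize first; the `gaps` list shows which CVE years are absent, as 2015 was in the 2024 data.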
## Threat Actors
- The article refers generally to "Ransomware actors."
- A separate discussion teased for the next week involves prolific ransomware groups, specifically mentioning **LockBit**.
## TTPs
- **Initial Access Tactic:** Heavy reliance on **valid accounts** (nearly 70% of cases).
- **Exploitation:** Exploiting **public-facing applications**.
- *Note: Specific TTPs related to lateral movement or encryption stages were not detailed in this excerpt.*
## Affected Systems
- Systems vulnerable to **public-facing application exploits**.
- Any system where **valid credentials** were compromised or reused.
- Systems running software affected by vulnerabilities cataloged between 2012 and 2024 that were flagged as used in ransomware campaigns.
## Mitigations
- Apply **basic cyber hygiene principles**.
- **Update and patch all software** promptly.
- **Protect credentials** rigorously.
- *Note: Further specific mitigations (e.g., MFA specifics) are deferred to the following week's summary.*
## Conclusion
Ransomware defense in 2024 hinged on preventing initial access through compromised credentials and exploited internet-facing services. The continued use of vulnerabilities dating back over a decade strongly suggests that fundamental patching and credential management remain the most critical gaps exploited by ransomware gangs. Prioritizing these foundational risks is essential to reducing exposure.