This week, our Year in Review spotlight is on ransomware—where low-profile tactics led to high-impact consequences.

Ransomware operators often prioritized stealth over complexity for initial access. They also focused on slipping past defenses with minimal noise—uninstalling security tools, creating new firewall rules for remote access, and using common, freely available tools.

The ransomware-as-a-service landscape also paints an interesting picture. A new player quickly rose through the ranks, becoming the second most prolific operator by targeting large payouts.

Something that hasn't really changed over the years is the sectors that ransomware actors target most heavily - favouring industries that typically have lower security budgets, irregular monitoring, but highly sensitive data.

We’ve pulled together the most significant insights in a quick, 2-page PDF:

If you only have 55 seconds? Watch this video:

For the full analysis, download Talos' 2024 Year in Review.