Ransomnews Research Team

The Ransomnews Research Team is the collective byline used for collaborative pieces, editorial briefings, and articles drawing on contributions from multiple researchers. Coverage spans ransomware operations, breach economics, threat actor profiling, OSINT methodology, and emerging risks across security, privacy, and AI.

Lumma now leads the infostealer ecosystem in 2026, after Operation Magnus took out RedLine and META in late 2024. RedLine’s legacy footprint still surfaces in older logs, Vidar remains stubbornly durable, StealC has gained share, Atomic dominates the macOS side, and ACR Stealer and Meduza are the rising Russian-language contenders. The top six families together produce the overwhelming majority of all stealer logs traded in 2026. Here is who is in your stealer log and why each one matters. Ransomnews Research Team. Window: post-Operation Magnus through May 2026.

Read More

A stealer log is the data dump that an infostealer malware produces after it compromises a device. It typically contains every saved browser password, every active session cookie, autofill data, system details, and in some families, screenshots and clipboard history. Stealer logs feed account takeover, ransomware initial access, and corporate breach pipelines. This explainer covers what a 2026 stealer log actually holds, how devices end up in one, how the logs are sold, and how anyone can check whether their data is in the ecosystem. Ransomnews Research Team. Updated June 2026.

Read More

Lithuania’s Centre of Registers (Registrų centras) disclosed a May 2026 breach exposing roughly 600,000 records. Attackers reused credentials of authorised institutions, queried from abroad. Alerts.bar data shows 117 stealer-log accounts tied to the agency and 60+ live infected staff endpoints across the wider Lithuanian institutional ecosystem.

Read More

A 5-year census of 65,907 exposed databases found 30,515 carry a ransom or wipe marker. Of 512 attacker wallets we traced on-chain, 318 received nothing. The 9.78 BTC ($753K) that did move concentrates into the top 10 wallets, which captured 43% of receipts. Mass database extortion is industrial, automated, and mostly failing.

Read More