A practitioner’s tutorial for verifying — or refuting — a claimed ransom payment on the Bitcoin blockchain using free tools. Useful for journalists, IR teams, and victims dealing with secondary-extortion claims.
Ransomnews Research Team
A 2026 tutorial for tracking individual ransomware affiliates across operator rebrands using VirusTotal Intelligence, abuse.ch’s MalwareBazaar, and YARA rules. Code reuse, builder fingerprints, and TTP continuity reveal the same crews under new names.
A 2026 tutorial on building a layered defence against infostealers — endpoint EDR settings that catch stealer behaviour, browser hardening that protects cookie stores, and the user-side training that closes the actual gap.
Stolen credentials are only half the package. The other half is the browser fingerprint that lets an attacker impersonate the victim’s session believably. A 2026 look at how fingerprint markets work.
A 2026 comparative profile of the three dominant infostealer families — capabilities, distribution channels, market share by observed infections, and where each is heading after the 2024 takedown actions.
Three mid-tier ransomware operators have built sustained victim claim counts in 2025-2026. Profiles of Qilin, Medusa, and Embargo — what’s distinctive about each, and what the rise of the mid-tier means for defenders.
Persistent rumors point to a Lapsus$ revival operating under new branding in 2026. Sorting the credible signal from the Telegram noise, and what defenders should make of it.
Akira began as a classic encrypt-and-extort operation but has been quietly drifting toward data-theft-only attacks across 2025-2026. A profile of where they came from, where they are now, and why the model is working.
RansomHub became the largest active RaaS by claim count in 2025 by absorbing experienced affiliates from the LockBit and ALPHV exits. A 2026 profile of the operator, their tooling, and their structural position.
Scattered Spider — UNC3944, Octo Tempest — survived the 2024 arrests and remains one of the most operationally aggressive English-speaking threat groups. Their 2026 playbook, capabilities, and how they keep getting in.