// PRIMERS

Explainers

Long-form primers on the underlying concepts. Built to be referenced, not skimmed.

What is double extortion ransomware? An explainer for non-technical executives in 2026May 10, 2026
An executive-level explainer of double extortion — the dominant ransomware playbook in 2026 — covering how it works, why backups don’t fully defeat it, and the policy choices boards now have to make in the first hour of an incident.
Building an OSINT investigation workflow: from intake to reportApril 30, 2026
The five-stage workflow that separates an OSINT analyst from someone with a bookmarks bar full of tools.
Geolocating a photo from scratch: the Bellingcat workflow for normal humansApril 30, 2026
A practitioner walkthrough of the photo-geolocation method used by Bellingcat and most newsroom verification teams. Worked example included.
OSINT 101: a starter toolkit for 2026April 30, 2026
A practitioner’s roadmap to the OSINT tools that actually earn their place in your bookmarks bar. Free and paid, with honest notes on what each one is good for.
Ransomware-as-a-Service (RaaS): How Cybercrime Got Its Franchise ModelApril 26, 2026
Ransomware-as-a-Service turned ransomware from a craft into a franchise. Core developers write the malware, affiliates run the intrusions, and revenue is split. Here is how RaaS works, who plays which role, and why it has been so hard to disrupt.
The Different Types of Ransomware: From Crypto-Lockers to Triple ExtortionApril 26, 2026
Not all ransomware is alike. Crypto-ransomware, lockers, scareware, leakware, doxware, wipers — each works differently and demands a different defensive response. A practical taxonomy.
How Ransomware Works: The Full Attack Lifecycle, Step by StepApril 26, 2026
Modern ransomware attacks are not single events; they are weeks-long intrusions that end in encryption. Here is the full lifecycle, from initial access to extortion, and what defenders can do at each stage.
A Brief History of Ransomware: From the AIDS Trojan to the RaaS EmpiresApril 26, 2026
Ransomware did not start with Bitcoin. It started in 1989, on floppy disks mailed to AIDS researchers, and spent thirty years evolving into the multibillion-dollar criminal industry we know today.
What Is Ransomware? A Plain-English Guide to the Defining Cybercrime of Our EraApril 26, 2026
Ransomware is malware that holds data, devices, or entire enterprises hostage until a payment is made. Here is what it is, why it works, and why it has become the single most disruptive category of cybercrime.