Close Menu
  • Home
  • News
  • Security
  • Privacy
  • Cybercrime
    • Threat Groups
    • Ransomware
    • Explainers
    • Stealer Logs
  • AI
  • OSINT
  • Tools
    • Ransomtracker
    • Stealercheck
    • FortiBleed Checker
  • About Us
Facebook X (Twitter) Instagram Threads
Ransomnews
  • Home
  • News
  • Security
  • Privacy
  • Cybercrime
    • Threat Groups
    • Ransomware
    • Explainers
    • Stealer Logs
  • AI
  • OSINT
  • Tools
    • Ransomtracker
    • Stealercheck
    • FortiBleed Checker
  • About Us
Facebook X (Twitter) LinkedIn
Ransomnews

EDR, XDR, MDR: The State of Endpoint Defence in 2026

Jesse William McGrawApril 26, 20260

Endpoint Detection and Response, Extended Detection and Response, Managed Detection and Response — the alphabet soup of modern endpoint defence is real but confusing. Here is what each tier actually does, where it stops working, and how to choose.

Play: The Closed-Shop Ransomware Brand Quietly Hitting Cities, Schools, and Critical Infrastructure

Jesse William McGrawApril 26, 20260

Play — also known as PlayCrypt — does not run an open RaaS. It runs a closed shop with vetted affiliates, an unusual aesthetic, and a steady cadence of attacks against cities, schools, and managed service providers. Quietly, it has become one of the most prolific operators of the post-LockBit era.

Hive: The Ransomware Operation the FBI Spent Seven Months Inside

Jesse William McGrawApril 26, 20260

Hive was a top-tier RaaS that hit hospitals, schools, and Costa Rica’s public sector — until the FBI quietly infiltrated its infrastructure for seven months, harvested decryption keys, and dismantled the operation in January 2023.

DarkSide: Colonial Pipeline, the Pseudo-Code-of-Conduct, and the Rebrand to BlackMatter

Jesse William McGrawApril 26, 20260

DarkSide ran for less than a year before its attack on Colonial Pipeline rewrote the politics of ransomware in May 2021. Then it disappeared, rebranded as BlackMatter, and seeded what would eventually become BlackCat/ALPHV. A short, consequential life.

Akira: The Retro-Themed Ransomware Operation Quietly Eating Mid-Market Enterprise

Jesse William McGrawApril 26, 20260

Akira launched in March 2023 with a 1980s green-screen aesthetic and rapidly became one of the most active ransomware operations in the world, riding waves of Cisco VPN exploitation and a steady stream of mid-market victims. Here is what makes it distinctive.

Black Basta: Conti’s Most Successful Successor and Its Healthcare Specialism

Jesse William McGrawApril 26, 20260

Black Basta walked out of the Conti collapse in 2022 and rapidly became one of the top RaaS programs in the world, with a particular taste for healthcare and critical infrastructure. Then internal chats leaked again — and the playbook started looking familiar.

Ryuk: The Big-Game Hunter That Made Ransomware a Boardroom Problem

Jesse William McGrawApril 26, 20260

Ryuk was the Russian-speaking operation that proved you could ransom a Fortune 500 company for tens of millions of dollars and get away with it. It is also the operation whose people went on to run Conti — and, by extension, half the modern ransomware ecosystem.

Cl0p: The Mass-Exploitation Specialists Behind Accellion, GoAnywhere, and MOVEit

Jesse William McGrawApril 26, 20260

Cl0p turned ransomware into a zero-day data-extortion business. Three sweeping campaigns against file-transfer software — Accellion, GoAnywhere, and MOVEit — produced thousands of victims and billions in damages, with little encryption and a lot of stolen data.

BlackCat / ALPHV: The Rust-Powered RaaS That Ended in an Exit Scam

Jesse William McGrawApril 26, 20260

BlackCat — also known as ALPHV — was the first major ransomware written in Rust, the operation that filed an SEC complaint against its own victim, and the brand that walked away with $22 million from Change Healthcare and stiffed its own affiliate. A short, eventful career.

REvil / Sodinokibi: The Big-Game Hunters Who Hit Kaseya, JBS, and Then Disappeared Twice

Jesse William McGrawApril 26, 20260

REvil — a.k.a. Sodinokibi — was the swaggering, big-game hunting RaaS responsible for some of the highest-profile attacks in ransomware history, including the Kaseya supply-chain incident. Then it vanished, briefly came back, and got cleaned up by the FSB.

Previous 1 … 14 15 16 17 Next
Facebook X (Twitter) LinkedIn
© 2026 Ransomnews.com

Type above and press Enter to search. Press Esc to cancel.

Cookies on Ransomnews

We use strictly-necessary cookies to run the site and may use first-party analytics to understand which articles are read. Some pages contain affiliate links — when you click one, the affiliate network sets cookies on the merchant's domain to attribute the referral. See the Cookie Policy and Affiliate Disclosure for detail.

RANSOMNEWS.COM

Tracking the criminal infrastructure of the internet.

Independent coverage of ransomware, breach economics, threat actors, privacy, AI security, and the open-source investigation toolkit.

// Topics

  • News
  • Security
  • Privacy
  • Cybercrime
  • AI
  • OSINT
  • Threat Groups
  • Stealer Logs
  • Ransomtracker
  • Stealercheck
  • FortiBleed Checker

// Site

  • About Us
  • Editorial Team
  • Contact
  • Tip Line
  • Editorial

// Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Funding & Independence
  • RSS Feed
© 2026 Ransomnews.com · Tracking the criminal infrastructure of the internet.