Close Menu
  • Home
  • News
  • Security
  • Privacy
  • Cybercrime
    • Threat Groups
    • Ransomware
    • Explainers
    • Stealer Logs
  • AI
  • OSINT
  • Tools
    • Ransomtracker
    • Stealercheck
    • FortiBleed Checker
  • About Us
Facebook X (Twitter) Instagram Threads
Ransomnews
  • Home
  • News
  • Security
  • Privacy
  • Cybercrime
    • Threat Groups
    • Ransomware
    • Explainers
    • Stealer Logs
  • AI
  • OSINT
  • Tools
    • Ransomtracker
    • Stealercheck
    • FortiBleed Checker
  • About Us
Facebook X (Twitter) LinkedIn
Ransomnews

LockBit, 2 years after Operation Cronos: where are they now?

Ransomnews Research TeamMay 11, 20260

A 2026 retrospective on the international takedown that displaced LockBit at the top of the ransomware ecosystem — what stuck, what reverted, where the affiliate workforce migrated, and what the next coordinated action should learn from the playbook.

MFA bypass via cookie theft: the #1 breach vector of 2026

Jesse William McGrawMay 11, 20260

Through 2024 and 2025 a quiet rebalancing happened: password-phishing fell, session-cookie theft via infostealers surged, and “we have MFA” stopped meaning what defenders thought it meant. A 2026 field guide to the technique and the controls that actually answer it.

2026 ransomware victim toll: countries, sectors, operators

Ransomnews Research TeamMay 11, 20260

A data-led snapshot of who’s actually being ransomed in 2026 — which sectors are losing ground, which operators are pulling away from the pack, and which national-level patterns the leak-site economy reveals.

Ransomware attribution 2026: TTPs, notes, fingerprints

Jesse William McGrawMay 10, 20260

A 2026 attribution playbook for ransomware investigations — combining TTP fingerprinting against MITRE ATT&CK, ransom-note artifact analysis, leak-site monitoring, and the open-source intelligence pivots that hold up under scrutiny.

What’s inside an infostealer log? A 2026 walkthrough

Ransomnews Research TeamMay 10, 20260

A 2026 walkthrough of the typical infostealer-log archive — what files it contains, what each one means, and how defenders parse them with Python and jq for downstream incident response.

Active Directory hardening 2026: Tier 0, DSRM, PRT theft

Jesse William McGrawMay 10, 20260

A 2026 practitioner walkthrough of Active Directory hardening against the lateral-movement, credential-theft, and persistence techniques that modern ransomware operators rely on — Tier 0 isolation, DSRM rotation, PRT theft mitigation, and AD audit baselines.

Ransomware IR runbook 2026: NIST 800-61 r3 + CISA templates

Ransomnews Research TeamMay 10, 20260

A practitioner walkthrough of building a ransomware-specific incident response runbook in 2026 — combining NIST SP 800-61 r3, CISA’s #StopRansomware playbook, and the lessons from named incidents on the Ransomtracker leak feed.

Audit your digital footprint 2026: Sherlock, Holehe, Whoxy

Jesse William McGrawMay 10, 20260

A 2026 self-doxxing tutorial — run the same OSINT tools attackers use, on yourself, to find every account, leaked credential, and broker entry tied to your identity. With remediation steps for each finding.

Attack-surface mapping 2026: Shodan, Censys, FOFA, Nuclei

Ransomnews Research TeamMay 10, 20260

A 2026 OSINT workflow for mapping the external attack surface of any organisation using only public data — internet-scan engines, certificate transparency, and authenticated vulnerability templates.

What is double extortion ransomware? An explainer for non-technical executives in 2026

Jesse William McGrawMay 10, 20260

An executive-level explainer of double extortion — the dominant ransomware playbook in 2026 — covering how it works, why backups don’t fully defeat it, and the policy choices boards now have to make in the first hour of an incident.

Previous 1 2 3 4 5 6 … 17 Next
Facebook X (Twitter) LinkedIn
© 2026 Ransomnews.com

Type above and press Enter to search. Press Esc to cancel.

Cookies on Ransomnews

We use strictly-necessary cookies to run the site and may use first-party analytics to understand which articles are read. Some pages contain affiliate links — when you click one, the affiliate network sets cookies on the merchant's domain to attribute the referral. See the Cookie Policy and Affiliate Disclosure for detail.

RANSOMNEWS.COM

Tracking the criminal infrastructure of the internet.

Independent coverage of ransomware, breach economics, threat actors, privacy, AI security, and the open-source investigation toolkit.

// Topics

  • News
  • Security
  • Privacy
  • Cybercrime
  • AI
  • OSINT
  • Threat Groups
  • Stealer Logs
  • Ransomtracker
  • Stealercheck
  • FortiBleed Checker

// Site

  • About Us
  • Editorial Team
  • Contact
  • Tip Line
  • Editorial

// Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Funding & Independence
  • RSS Feed
© 2026 Ransomnews.com · Tracking the criminal infrastructure of the internet.