Expert knowledge from the frontlines of ransomware defense. Industry leaders share actionable intelligence, novel workflows, and cutting-edge research to help you stay ahead of threats.
Expert research and analysis from the frontlines
Complete DFIR analysis of VEN0m ransomware including BYOVD attack chain, 42 behavioral detection queries, MITRE ATT&CK mapping, and trivially recoverable encryption key from a single open-source Rust binary.
Eric Taylor
February 26, 2026
+4 contributors
A case study exploring how deeper insight emerges when analysis moves beyond high-level sector classifications on Dedicated Leak Sites and instead focuses on the specific subsectors within which entities operate.
Jeffrey Bell
February 19, 2026
+3 contributors
A structured intelligence workflow for ransomware leak data collection and LLM-assisted analysis, from automated Tor-based collection to agentic reasoning and intelligence dissemination.
Apurv Singh Gautam
February 6, 2026
+4 contributors
An ethical and reproducible HUMINT-style workflow for safely observing ransomware affiliates using synthetic personas, tactical empathy, and rigorous operational security.
Matthew Maynard
December 29, 2025
+5 contributors
Follow the money through on-chain analysis, tracing stolen funds across BSC and TRON blockchains and connecting wallet addresses directly to other DPRK exchange thefts. Blockchain forensic evidence ties this campaign to a broader pattern of North Korean cryptocurrency operations.
Nick Smart and Andrii Sovershennyi
December 8, 2025
+4 contributors
Deep dive into the adversary infrastructure, operational security measures, and attribution analysis of the DPRK-linked campaign, revealing infrastructure fingerprints, C2 clusters, and connections to known threat groups.
Yashraj Solanki
November 13, 2025
+4 contributors
Detailed analysis of the DEV#POPPER.js RAT and OmniStealer malware used in the sophisticated cross-chain attack campaign, revealing the complete kill chain from initial compromise through data exfiltration.
Ellis Stannard
October 27, 2025
+6 contributors
Deep dive into a sophisticated DPRK-linked attack campaign using novel Cross-Chain TxDataHiding techniques to create takedown-proof C2 infrastructure across TRON, Aptos, and BSC blockchains.
Ellis Stannard
October 20, 2025
+5 contributors
Preview of expert articles and research coming to the platform
Deep dive into the latest tactics, techniques, and procedures used by ransomware groups in 2024.
Industry Expert
Coming Soon
Expert analysis on identifying and blocking C2 infrastructure before ransomware deployment.
Security Researcher
Coming Soon
Critical first steps and forensic preservation techniques when ransomware strikes.
Incident Response Lead
Coming Soon
How blockchain analysis helps trace ransomware payments and identify threat actors.
Crypto Analyst
Coming Soon
Understanding threat actor behavior and communication patterns during negotiations.
Behavioral Expert
Coming Soon
Leveraging machine learning models to detect ransomware behavior patterns.
AI Researcher
Coming Soon
We're building a community of ransomware defense experts. If you have unique insights, novel workflows, or cutting-edge research to share, we want to hear from you.
Email us at [email protected]
Partner with Ransom-ISAC to access high-quality threat intelligence and connect with defenders worldwide.