Briefings from the dark web.
Long-form analyses, playbooks and primers — grounded in the Darkfield corpus. Compiled with AI assistance, reviewed before publication.
Concept · · 7 min read
How double-extortion ransomware actually works
The mechanics behind the leak-then-encrypt playbook that now drives 90% of public ransomware disclosures — and why paying the ransom no longer guarantees the data is gone.
Playbook · · 9 min read
If your company appears on a leak site: the first 60 minutes
A practical, step-by-step playbook for the moment you discover your organisation has been claimed by a ransomware operator. What to verify, who to call, what not to do.
Trend · · 8 min read
What 38,000 ransomware disclosures tell us about who gets hit
We aggregated every public leak-site disclosure in the Darkfield corpus. The shape of the data argues against the cliché that ransomware is opportunistic — operators specialise by sector, geography and revenue band.