Insights
Notes from the Field
Real incidents. Hard lessons. What actually works — from a team that has seen it all.
Ransomware Emergency: 5 Steps to Take Right Now
You just discovered ransomware on your machine. The clock is ticking — and the first 30 minutes determine how much data you can save. Here's exactly what to do, in order, based on what we've seen across 1,000+ ransomware incidents.
Ransomware Recovery Guide: From Attack to Full Restoration
Ransomware recovery isn't a single decision — it's a critical sequence of actions that begins the moment you discover encrypted files and doesn't end until your network is fortified. Based on insights from over 1,000 incident response cases, this guide walks you through the exact steps needed to contain the threat, identify your options, and restore your business operations safely.
9 Ways to Prevent Ransomware: A Practical Checklist
Most ransomware prevention advice is too vague to act on. "Be careful with emails" doesn't help. Here are nine specific controls that make your business a harder target, ranked by what we actually see working in 1,000+ ransomware incident responses.
LockBit Ransomware Recovery: What to Do When Your Files Are Locked
Your files now end in `.lockbit` or `.lockbit3`. The ransom note is on your desktop and it names a price in Bitcoin. LockBit has been the most active ransomware family targeting businesses since 2022, and it's fast — really fast. Here's what recovery actually looks like, based on what we've seen across hundreds of LockBit-specific cases.
Phobos Ransomware: Why SMBs Are the #1 Target
Your files now end in `.phobos`, `.deym`, `.mamba`, or `.phreud`. The ransom note demands payment in Bitcoin and lists a deadline. Phobos has been quietly devastating small and mid-sized businesses for years — it doesn't get the headlines LockBit gets, but it hits more SMBs than almost any other family. Here's what recovery actually looks like.
HODINI Ransomware: The Variant That Targets Logistics Companies
Your shipping manifests, customs declarations, and port entry forms are encrypted. HODINI ransomware doesn't just lock your files — it locks your cargo. Vessels don't wait. Container slots don't pause. Here's what recovery looks like when the clock is already running.
Locky Ransomware Recovery: What Works and What Doesn't
Your files now end in `.locky`, `.zepto`, or `.odin`. The ransom note is on your desktop. Locky ransomware has been around since 2016, and while direct infections are rarer now, its techniques live on in newer families. Here's what recovery actually looks like — based on what we've seen in hundreds of Locky-specific cases.
