We're building a collaborative community of cybersecurity professionals dedicated to sharing high-quality threat intelligence. Join thousands of defenders, researchers, and analysts working together to protect organizations worldwide from ransomware threats.
Everything you need to fight ransomware
We provide the tools, intelligence, and community to help you protect your organization and others from ransomware threats.
Access high-quality, peer-reviewed ransomware reports and technical breakdowns from world-class experts. No paywalls, no vendor agendas.
Connect with defenders, researchers, and incident responders globally. Share knowledge, collaborate on threats, and learn from each other.
Learn from structured methodologies, case studies, and practical guides. All content is evidence-led and free from fluff.
Contribute your expertise and get recognized for your work. Build credibility while supporting the global fight against ransomware.
Ransomware attacks continue to surge globally, affecting organizations of all sizes. Understanding the scope of this threat is the first step toward building effective defenses.
€57B
Global damage in 2025
Total projected ransomware-related damages including ransom payments, downtime, recovery, and reputational harm.
2 sec
Attack frequency
A ransomware attack occurs every 2 seconds globally—a dramatic acceleration from every 11 seconds in 2024.
69%
Organizations targeted
7 of 10 organisations faced at least one ransomware incident in the past year, with healthcare at 67% and finance at 78%.
The Knowledge Gap
Traditional cybersecurity intelligence sharing is fragmented and gatekept behind expensive subscriptions, vendor relationships, and exclusive partnerships. This leaves countless organizations—especially smaller businesses, nonprofits, and public institutions—vulnerable to attacks they could have prevented with timely, actionable intelligence.
Meanwhile, ransomware operators share tactics, tools, and targets through underground networks with unprecedented speed and coordination. They're organized, collaborative, and constantly evolving—while defenders often work in isolation.
The current model fails because threats move faster than traditional intelligence cycles. By the time threat reports reach most organizations through conventional channels, attackers have already adapted their methods and moved on to new targets.
Open, peer-reviewed intelligence sharing levels the playing field. When defenders can access real-time threat data, share defensive strategies, and collaborate on response efforts, we can build collective immunity against ransomware campaigns. This isn't just about better cybersecurity—it's about protecting the digital infrastructure that modern society depends on.
A world without ransomware
At Ransom-ISAC, our vision is a world where ransomware no longer thrives in the shadows — a world where knowledge, not gatekeeping, is the standard for defence.
Expert research and analysis from the frontlines of ransomware defense
Detailed analysis of the DEV#POPPER.js RAT and OmniStealer malware used in the sophisticated cross-chain attack campaign, revealing the complete kill chain from initial compromise through data exfiltration.
Ellis Stannard
October 27, 2025
+6 contributors
Deep dive into a sophisticated DPRK-linked attack campaign using novel Cross-Chain TxDataHiding techniques to create takedown-proof C2 infrastructure across TRON, Aptos, and BSC blockchains.
Ellis Stannard
October 20, 2025
+5 contributors
Join forces with Ransom-ISAC to strengthen our collective defense against ransomware.
Ransomware is a global threat that requires a unified response. By partnering with Ransom-ISAC, your organization becomes part of a worldwide network dedicated to sharing intelligence, developing defensive strategies, and protecting communities from ransomware attacks.
Partnership opportunities include:
We believe in transparent, mutually beneficial partnerships that advance our shared mission of building a world without ransomware.
If you have additional questions, feel free to reach out to us.
Ransom-ISAC (Ransomware Information Sharing and Analysis Centre) is a not-for-profit, community-driven initiative dedicated to the global fight against ransomware. We connect defenders, researchers, incident responders, and organisations of all sizes to high-quality threat intelligence and practical collaboration — with no paywalls, vendor agendas, or barriers to access.
Our mission is to stamp out ransomware by delivering affordable, high-quality threat intelligence to all. We empower security professionals — both full-time and freelance — with recognition and opportunity, removing barriers and gatekeeping in a united fight against ransomware.
We welcome a broad community of cyber defenders: from technical practitioners and researchers to non-technical leaders, journalists, incident handlers, and policy professionals. If you're committed to protecting others from ransomware and believe in transparent, high-integrity collaboration, you belong here.
Too often, vital intelligence is hoarded or hidden to protect commercial or reputational interests. This behaviour increases the time ransomware threats go undetected, reduces victim awareness, and hinders the global understanding of adversaries. Worse still, it can cause real harm — to businesses, critical services, and even lives. We're here to change that.
No. A security clearance is not required. However, due to the potential for sensitive data (including TLP:AMBER and TLP:RED) to be shared within the community, we do conduct a Know Your Customer (KYC) screening process to ensure trust, accountability, and protection for all members.
No. Ransom-ISAC is strictly non-political and vendor-neutral. We operate independently and do not promote any products, services, or platforms. Our sole focus is ransomware — understanding it, disrupting it, and defending against it. That's all there is to it.
Curating and sharing only the highest-quality resources — including in-depth ransomware reports, technical breakdowns, educational lessons and knowledge sharing sessions from world-class experts, talks, case studies, practical guides. All content is peer-reviewed, evidence-led, and free from fluff or filler.
In the meantime, feel free to join our mailing list. When we launch, all members will undergo a vetting process to ensure they align with our values and help maintain a safe and secure environment for sharing information. Once verified, you'll gain access to our community platforms and resources.
We are built around accessibility, integrity, and excellence. We don't settle for mediocrity or put profits before purpose. We exist to empower defenders with the best intelligence available regardless of location, job title, or funding. We're here to build a better service, for less — one that prioritises quality, transparency, and global inclusion over paywalls and profit.