Duty Analyst: Salva Rocha

Insights & Blog

Research, detection engineering notes, and incident response lessons learned.

Latest

122 articles published.

Kettering Health crippled by ransomware: 14 hospitals on emergency reroute

On May 20, 2025, Kettering Health, a major healthcare network based in Ohio, experienced a ransomware attack that severely disrupted its operations. As a result, all 14 hospitals in the system were placed on emergency reroute. This meant ambulances were redirected, and staff had to switch to manual processes because digital systems—including electronic health records, internal messaging, and coordination platforms—became unavailable.

Pro-Russian Cyber Activity: Hybrid Threats and the UK Response

Russia’s cyber strategy increasingly relies on hybrid operations: coordinated campaigns that combine cyber attacks, disinformation, and political subversion. Since the invasion of Ukraine in 2022, the Kremlin and its supporters have amplified a new wave of cyber threats, using state-aligned groups, criminal proxies, and nationalist hacktivist collectives to target institutions across Europe.

Donation-Based Ransomware Groups

In the constantly evolving world of ransomware, a new and unusual variation has emerged. Rather than demanding cryptocurrency payments, certain threat actors are now instructing victims to make donations to charity in exchange for decryption keys or promises not to publish stolen data. These so-called donation-model ransomware groups present themselves as ideologically driven, often citing anti-corporate motives or positioning their activity as a form of digital protest.