Series
Monthly Activity Reports
EDP monthly intelligence summaries — newest first
JUN
EDP Monthly · June 2026
June 2026 Activity Summary
Ransomware ecosystem activity, dependency pressure indicators, and disruption events
MAY
EDP Monthly — May 2026
May 2026 Activity Summary
Ransomware ecosystem activity, dependency pressure indicators, and disruption events
PDF
APR
EDP Monthly — April 2026
April 2026 Activity Summary
Ransomware ecosystem activity, dependency pressure indicators, and disruption events
PDF
MAR
EDP Monthly — March 2026
March 2026 Activity Summary
Ransomware ecosystem activity, dependency pressure indicators, and disruption events
PDF
Series
Framework Documents
Core framework — 13 documents
Start here
New to the framework? The Reading Order document maps the recommended sequence and dependencies between documents.
Reading Order →
00
PDF
01
PDF
02
PDF
03
PDF
04
PDF
05
PDF
06
PDF
07
PDF
08
PDF
10
PDF
11
PDF
12
PDF
Framework Overview
Ecosystem structure, analytical approach, and document map
Glossary
Standardized terminology for ecosystem actors, nodes, and pressure levers
Ecosystem Disruption Playbook
Master disruption strategy: leverage points, sequencing, and coordination
Dependency Map (Refined)
Structural dependency relationships across all ecosystem nodes
RU Gov Protection Framework
State tolerance model: political protection mechanisms and jurisdictional leverage
Disruption Playbook: Phase A
Access layer — Nodes 01, 02, 03
Disruption Playbook: Phase B
Execution layer — Nodes 04, 07, 08
Disruption Playbook: Phase C
Delivery layer — Nodes 05, 06, 09
KPI Framework
Measurable indicators for tracking ecosystem disruption pressure
KPI Sourcing Plan
Data sources and collection methodology for KPI tracking
Group Pressure Tracking Template
Per-group template for monitoring disruption pressure indicators
Case Studies
Conti, QakBot, LockBit, BlackCat/ALPHV, Black Basta
Series
Ecosystem Dependency Playbook Modules
15 node-level modules
M01PDF
M02PDF
M03PDF
M04PDF
M05PDF
M06PDF
M07PDF
M08PDF
M09PDF
M10PDF
M11PDF
M12PDF
M13PDF
M14PDF
M15PDF
Stealers
Information-stealing malware: role, vendors, and disruption vectors
Loaders
Malware delivery infrastructure and key loader operators
Crypters
Obfuscation services enabling AV evasion
Callers
Social engineering and victim contact operations
Initial Access Brokers
Network access marketplace: structure, pricing, and interdiction
Exploit Brokers
Vulnerability and exploit supply chain
Ransomware-as-a-Service
RaaS platform structure, affiliate model, and pressure points
Leak Site Operations
Data extortion infrastructure and takedown leverage
Bulletproof Hosting
Resilient hosting infrastructure enabling persistent operations
Underground Forums
Criminal marketplace infrastructure: key forums and disruption vectors
Crypto Mixers
Cryptocurrency obfuscation services and financial interdiction
OTC Brokers
Over-the-counter crypto cash-out infrastructure
Money Launderers
Professional laundering networks and jurisdictional exposure
Mule Networks
Human cash-out infrastructure: recruitment, structure, and interdiction
Negotiation Services
Ransom negotiation intermediaries: role and leverage implications