How to reach the Observatory, and how to reference its work.
Corrections are taken seriously: if something on this site is wrong, say so and it gets fixed with a note. Attribution disputes and confidence-label challenges are equally welcome, the labels exist to be tested.
A scope note: everything published here is built from open sources. This project does not handle, solicit, or store non-public data, and nothing sent to this address should include it.
General citation:
For a specific profile or tool, cite the page directly:
All material is open research. Reuse with attribution is welcome; a link back helps others find the primary source.
The Observatory is a structural analysis of Russia/CIS-linked ransomware networks: the financial flows, the infrastructure, and the jurisdictional protection that keep the ecosystem running. Our aim is practical, mapping where the ecosystem breaks and how to push it there, measured against KPIs tracked quarterly since Q1 2024.
Findings carry confidence labels (CONFIRMED / CREDIBLE / ANALYST INFERENCE) so readers can weigh each claim on its sourcing, not its phrasing.