Threat Summit 2026
Threat Summit 2026 brought together 16 speakers covering ransomware, DPRK infrastructure, BYOVD, healthcare threats, LATAM financial crime, HUMINT operations, the Japanese threat landscape, blockchain-hosted extortion portals, APTeens, cryptocurrency drainers, and DFIR lessons from the front line.
Huge thank you to every attendee who joined, engaged, and asked the hard questions. The quality of research and the willingness of this community to share openly is what makes this space special.
16 speakers · 5 public recordings · TLP-aware archive

Watch the recordings
Session recordings from the Ransom-ISAC community — real cases, findings, and research from practitioners doing the work.

BYOVD: The Trust Model Is Broken
Alex Necula
How attackers weaponize the Windows driver chain of trust through Bring-Your-Own-Vulnerable-Driver techniques.
Watch session
Blockchain-Hosted Extortion Portals
Tammy Harper
How cry0 moved victim negotiation and payment portals onto the Internet Computer Protocol — and a defender framework for tracking blockchain-hosted infrastructure.
Watch session
Gunra Ransomware Ecosystem Deep Dive
Nikolay Kichatov
Attack history, evolution, builder panel, and technical behavior of the Gunra ransomware ecosystem.
Watch session
Japanese Threat Landscape
Azim Uddin, Abdullah Al Mamun
Three actors impacting Japan — CoGUI, Smishing Triad, and MirrorFace / Earth Kasha — and the defensive consequences siloed reporting misses.
Watch session
Ransomware Misdirection: When Attribution Isn’t What It Seems
James John
A real ransomware investigation where a last-minute change of tactics revealed a different group was orchestrating the attack.
Watch session
Ransomware Unhinged: PG-13 Edition
Eric Taylor, James John, Ryan Chapman · Facilitated by Tammy Harper
A data-driven panel on 2026 ransomware trends — market bifurcation, identity-driven access, the EDR-killer arms race, and where extortion goes next.
Watch sessionTLP-restricted sessions: Some Threat Summit 2026 sessions are not publicly available due to TLP: Amber and TLP: Red classifications.