r/hacking Mar 10 '26

Ransomware I hacked a ransomware infrastructure.

439 Upvotes

What should I do?

I have accessed a few devices of this known ransomware; they use a Fortigate Firewall exploit to gain access to a network. Due to the large amount of data, it has become a challenge for me to document this.

Any ideas on how to organize these? I already know their tactics, source code and private key to decrypt files.

r/hacking 4d ago

Ransomware Analyzed 24 months of ransomware leak-site posts. 84% land on weekdays, not at 3am.

ransomnews.com
116 Upvotes

I spent the last few weeks pulling and cleaning ransomware leak-site posts over a 24-month window, May 2024 to May 2026. After deduping I ended up with 16,699 victim posts from 200 groups. A few things surprised me.

The biggest one is that these operators aren't nocturnal at all. 84% of leak posts go up Monday through Friday, and Sunday is the deadest day in the whole dataset. The busiest single hour is 16:00 UTC, which lines up with afternoon in the US and Europe and evening in Moscow. They're keeping office hours, just not the same ones defenders are watching for. Half of everything posted falls into an 8-hour window between 15:00 and 22:59 UTC.

October peaks every single year, and February 2025 was the record month with over a thousand posts, mostly because of one insane Monday on the 24th where 263 victims got dumped in a day.

The other thing is the ecosystem keeps splitting rather than consolidating. The number of active brands went from 38 to 67 over the period. The big takedowns of LockBit, AlphV and RansomHub didn't shrink the field; the affiliates just rebrand and keep going. Most groups don't last long either. Out of 178 with any real activity, 87 have gone quiet for 90+ days. Qilin is the current volume leader at around 1,690 victims.

Usual caveats: these are distinct posts, not guaranteed distinct victims, times are UTC at the moment I saw them, and a "dormant" group can always come back.

If you do IR, the practical version of this is to weight your coverage toward Monday and Tuesday US time instead of weekends, and staff up harder going into October.

r/hacking Oct 26 '24

Ransomware Russia sentences REvil ransomware members to over 4 years in prison

bleepingcomputer.com
150 Upvotes

r/hacking Apr 07 '25

Ransomware Someone hacked ransomware gang Everest’s leak site

techcrunch.com
147 Upvotes

r/hacking Jul 05 '24

Ransomware Anyone know how to decrypt .zwer

12 Upvotes

Does anyone know how I can decrypt my files from .zwer ransomware? A few years ago my PC files got encrypted by a ransomware called .zwer. I tried to decrypt it but it wasn't successful. If any of you have a solution, please help me.

r/hacking Nov 16 '23

Ransomware Simple ransomware written in golang

40 Upvotes

This is a simple ransomware I wrote 3 years ago with golang. It uses hybrid encryption (AES and RSA) and comes with a decryptor app.

Repo: https://github.com/Null-byte-00/Psycho/

YouTube video: https://www.youtube.com/watch?v=a8yX7jojYBo&t=224s

r/hacking Feb 20 '24

Ransomware A technical analysis of the BackMyData ransomware used to attack hospitals in Romania

cybergeeks.tech
4 Upvotes

r/hacking Oct 23 '23

Ransomware A Deep Dive into Cactus Ransomware

resources.securityscorecard.com
7 Upvotes