From the Fortress
Field notes on data resilience, ransomware recovery, and what actually works when the alert fires.
-

Three Seconds of Audio. One $25 Million Wire Transfer.
By Javi Cano • July 2, 2026AI voice clones and deepfake video calls now bypass the security awareness training most businesses rely on. The three defenses that actually work in 2026 are out-of-band verification procedures for high-stakes actions, 24/7 behavioral monitoring at the identity layer, and recovery readiness that assumes some attacks will succeed. Key Takeaways 3 seconds of audio. One… -

Foxconn Just Lost 8 Terabytes. Your Supply Chain Is Next.
By Javi Cano • July 1, 2026On May 12, 2026, ransomware crew Nitrogen breached Foxconn, exfiltrated 8TB across 11 million files, and disrupted production at multiple North American facilities. This ransomware attack exposed why contract manufacturers and their suppliers are now premium ransomware targets. The defenses that work are sub-15-minute recovery points, immutable air-gapped backups unreachable by stolen credentials, and rehearsed… -

Your Backup Admin Is the New Crown Jewel. Attackers Already Know.
By Javi Cano • June 25, 2026More than 90% of modern ransomware attacks target backup infrastructure before encrypting production. They are destroying the recovery copy which removes the only exit that doesn’t involve paying the ransom. The architecture that survives this requires immutable storage the production environment cannot disable, identity and network isolation for the backup console, and geo-separated air-gapped recovery… -

Why a Data Recovery Lab Hired a Crisis Counselor
By Javi Cano • June 24, 2026In an unassuming building in Novato, California, DriveSavers Data Recovery keeps something they call the Museum of Bizarre Disk-asters. Inside this museum are devices that survived house fires, snowblowers, monorails, and ocean sinkings. The machines on those shelves are a kind of optimism. They tell customers that even something extraordinary can usually be brought back…. -

Your Hospital Wasn’t Breached. Your Billing Vendor Was. Same Result.
By Samantha • June 16, 2026In late April 2026, a clinical billing platform serving more than 200 community hospitals across the southeastern United States went offline for six days following a ransomware attack on its parent organization. None of the hospitals had been breached. The billing vendor had. The operational result was identical. Patient charges could not be processed, claims… -

BridgePay Took Down Four States. Your City Is on the List.
By Samantha • June 11, 2026A ransomware attack on third-party payment processor BridgePay Network Solutions earlier this year took out credit-card payment systems for cities, utilities, and at least one county across four states. The municipalities themselves had not been breached. The processor had. Residents standing at the counter trying to pay their water bills did not care. That is… -

Mid-Sized Law Firms Are Losing the 2026 Ransomware War
By Javi Cano • June 11, 2026LexisNexis Legal & Professional confirmed in early 2026 that a threat actor had exposed customer files. Among them were records tied to .gov accounts, including federal judges, Department of Justice attorneys, and SEC staff. The legal research vendor nearly every firm in the country relies on had become the source of a breach that reached… -

When the EHR Goes Dark: Healthcare Recovery as a Patient Safety Decision
By Javi Cano • June 3, 2026The first thing that happens in a clinic when the electronic health record goes down is the front desk gets quiet. Then a nurse asks where the patient’s allergy list is. Then a clinician decides whether to delay an infusion. Then someone at the back of the line wonders why their appointment hasn’t been confirmed…. -

When “It’s in the Cloud” Becomes a Recovery Problem
By Javi Cano • June 1, 2026Most data loss conversations in 2026 still circle a misunderstanding that ought to have been retired a decade ago. The misunderstanding is the quiet conflation of a SaaS provider’s storage with a customer’s backup. The two operate under different responsibilities, and the gap between them is where a steadily growing share of the year’s data… -

The Quiet Cost of “We’re Covered” Security in the SMB Market
By Javi Cano • May 28, 2026“We’re covered. Defender comes with Windows.” Walk into enough small and mid-sized businesses and you’ll hear some version of that sentence in the first ten minutes. It’s usually said with confidence, often by people who care about security and are doing what they believe is reasonable. The gap between what those teams think they have… -

Beyond PCI: What ShinyHunters’ April Spree Says About Retail Resilience
By Javi Cano • May 27, 2026When the cyber extortion group ShinyHunters posted nine major brands to its leak site on April 20, the lineup read like a tour of modern consumer life. Zara, 7-Eleven, Pitney Bowes, Carnival, Rockstar Games. More than nine million records in play. Ransom demanded by the next morning. By now the playbook is familiar. A phone… -

When the Ransom Note Is a Disguise: Recovery in the Era of False-Flag Ransomware
By Javi Cano • May 18, 2026In May 2026, security researchers disclosed a campaign tracked as MuddyWater that should change how every executive thinks about ransomware attribution. The actor is nation–sponsored. The technique used Microsoft Teams social engineering to compromise targets. The ransom note presented the operation as Chaos-brand ransomware-as-a-service, a known criminal RaaS family, in what appears to have been…

