Ransomware.live

About

Welcome to Ransomware.live, your trusted free resource for comprehensive information and updates on the ever-evolving landscape of ransomware. In a digital world where cyber threats are increasingly sophisticated and pervasive, Ransomware.live serves as your go-to platform for the latest insights, analysis, and news related to ransomware attacks, trends, and defense strategies.
Our mission is to empower individuals, businesses, and cybersecurity professionals with accurate and timely information to better understand the threats posed by ransomware and how to protect against them. We provide detailed reports on the latest ransomware variants, analysis of high-profile attacks, and practical advice on prevention, detection, and recovery.

Our extensive database is populated through our proprietary web scraping technology, enhanced by artificial intelligence, and enriched with expert intelligence from Valéry Rieß-Marchive.

WARNING: Contents within ransomware.live, victims.json, groups.json are dynamically generated based on hosting choices of real-world threat actors in near-real-time. Whilst sanitisation efforts have been taken, by viewing or accessing ransomwatch you acknowledge you are doing so at your own risk.

About Ransomware.live

So far, Ransomware.live has indexed 15580 victims from 227 ransomware groups. The database also contains 1592 cyberattacks published in the press.

Today, Ransomware.live has 87 active parsers for 120 Ransomware group sites available.

Sources

Credit for additionnal external sources

Zscaler ThreatLabz for the ransomware notes.
Valéry Rieß-Marchive for the information about cyberattacks and the negotiation chats.
CERT Orange Cyberdefense for the Ransomware map.
Will for the TTPs.
HudsonRock for the Infostealers information.

About me

I'm Julien Mousqueton

I'm CTO in Cyber Security 🛡 @ Computacenter
I'm a lecturer 🎓 in Cyber Security @ Ecole 2600 🏴‍☠️
I'm a blogger ✍🏻 at julien.io in French 🇫🇷
I'm a board member at the French Tech Corporate Community and co-leader of the cybersecurity initiative

You can find more in my resume in English (also available in French / aussi disponible en français).

I'm currently open to job offers and excited to explore new opportunities. Don't hesitate to get in touch.

Contact me

You can contact me using the following form.

Credits

Josh Highet for the original ransomwatch project.
Ransomlook for ideas of new features included in Ransomware.live.
Valéry Rieß-Marchive for ideas and his involvement in the cyber community.
Marine Pichon from Orange Cyberdefense for the Ransomware cartography.
Alon Gal from Hudson Rock for letting me query the infostealer database.

How to access our intel ?

API

An API is available for ransomware.live's data. You can find more information about it here.

Database

The database of ransomware.live is freely available :

Victims : victims.json
Groups: groups.json

RSS Feeds

You can follow ransomware.live from its RSS Feed.

Integration with OpenCTI

Sudesh Yalavarthi has developed a connector for OpenCTI using the `Ransomware.live` API to import ransomware activities into OpenCTI from Filigran.

Support

If you want to support Ransomware.live:

Roadmap

If you want to follow the evolution of Ransomware.live:

Check our Trello workspace