# 💁🏻‍♂️ About

Ransomware.live is a ransomware groups observatory based on [ransomwatch](https://github.com/joshhighet/ransomwatch) and inspired by [ransomlook](https://github.com/RansomLook/RansomLook). 

Ransomware.live is a ransomware leak site monitoring tool. It will scrape all of the entries on various ransomware leak sites and published them [here](recentvictims.md).

>[!WARNING]
>Contents within ransomware.live, posts.json, groups.json are dynamically generated based on hosting choices of real-world threat actors in near-real-time.
Whilst sanitisation efforts have been taken, by viewing or accessing ransomwatch you acknowledge you are doing so at your own risk.

## 🔭 Sources 

### Internal 

You can find all ransomware's victims in **json** format [here](https://data.ransomware.live/posts.json) or in **CSV** format [here](https://www.ransomware.live/posts.csv).

### External

- [ransomwhe.re](https://ransomwhe.re/) for the crypto wallet information. 
- [Zscaler ThreatLabz](https://github.com/threatlabz/ransomware_notes) for the [ransomware notes](ransomnotes)
- [Valéry Rieß-Marchive](https://twitter.com/ValeryMarchive) for the information about [cyberattacks](https://github.com/Casualtek/Cyberwatch/) and the [negotiation chats](https://github.com/Casualtek/Ransomchats).
- [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) for the Ransomware description.
- [CERT Orange Cyberdefense](https://www.orangecyberdefense.com/) for the [Ransomware map](cartography).
- [Tidal Cyber](https://www.tidalcyber.com/) for the TTPs.
- [HudsonRock](https://hudsonrock.com) for the Infostealers information.

## 👨🏼‍💼 About me 

I'm **Julien Mousqueton**

- I'm **CTO** in Cyber Security 🛡 @ [Computacenter](https://www.computacenter.com/fr-fr/what-we-do/security)
- I'm a **lecturer** 🎓 in Cyber Security @ [Ecole 2600](https://www.ecole2600.com) 🏴‍☠️
- I'm a **blogger** ✍🏻 at [julien.io](https://julien.io) in french 🇫🇷 
- I'm a **board member** at the [French Tech Corporate Community](https://www.linkedin.com/company/frenchtechcorporatecommunity) and co-leader of the cybersecurity initiative

You can find more in [my resume](https://cv.julien.io) in English (also available in [French](https://cv.julien.io/fr) / aussi disponible en [français](https://cv.julien.io/fr))


👉🏻 **I'm currently open to job offers and excited to explore new opportunities.** ***Don't hesitate to get in touch.***

## 📫 Contact me

You can contact me using the [following form](https://static.ransomware.live/contact.html).

## 🤩 Credits

- [Josh Highet](https://github.com/joshhighet) for the original [ransomwatch](https://github.com/joshhighet/ransomwatch) project. 
- [Ransomlook](https://github.com/RansomLook/Ransomlook) for ideas of new features included in [Ransomware.live](https://www.ransomware.live).
- [Valéry Rieß-Marchive](https://twitter.com/ValeryMarchive) for ideas and his involvement in the cyber community.
- [Scott Small](https://www.linkedin.com/in/scott-small-20ba0164/) from [Tidal Cyber](https://www.tidalcyber.com/) for giving me their TTPs for Ransomware. 
- [Marine Pichon](https://fr.linkedin.com/in/marine-pichon-298904193) from [Orange Cyberdefense](https://www.orangecyberdefense.com) for the [Ransomware cartography](cartography). 
- [Alon Gal](https://www.linkedin.com/in/alon-gal-utb/) from [Hudson Rock](https://Hudsonrock.com/) for letting me query the infostealer database. 

## ⚙️ API

An API is available for `ransomware.live`'s data

You can find more information about it : [here](https://api.ransomware.live/apidocs)

## ⚙️ Integration with OpenCTI 

[Sudesh Yalavarthi](https://www.linkedin.com/in/sudesh-yalavarthi/) has developped a [connector for OpenCTI](https://github.com/OpenCTI-Platform/connectors/tree/master/external-import/ransomwarelive) using the `Ransomware.live` API to import ransomware activities into OpenCTI from [Filigran](https://www.linkedin.com/company/filigran/)


## ❤️ Support 

If you want to support ransomware.live :

<a href="https://www.buymeacoffee.com/ransomwarelive" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>

## 🗞️ They talk about ransomware.live

Find [articles](press.md) about `ransomware.live`

## 👓 Feed RSS 

You can follow `ransomware.live` from its [RSS Feed](https://ransomware.live/rss.xml)

Newly added feeds for [negotiations](https://www.ransomware.live/#/negotiations) is available here : [Negotiations feed](https://www.ransomware.live/negotiations.xml) and for [last 100 cyberattacks](https://www.ransomware.live/#/recentcyberattacks) is available here : [Cyberattacks feed](https://www.ransomware.live/cyberattacks.xml) 

## 🎚️ Changelog

You can check the [Changelog](CHANGELOG.md "📰 ChangeLog for Ransomware.live") for majeur update on ransomware.live 

## 📜 License

<p xmlns:cc="http://creativecommons.org/ns#" xmlns:dct="http://purl.org/dc/terms/"><a property="dct:title" rel="cc:attributionURL" href="http://www.ransomware.live">Ransomware.live</a> by <span property="cc:attributionName">Julien Mousqueton</span> is licensed under <a href="http://creativecommons.org/licenses/by-nc/4.0/?ref=chooser-v1" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY-NC 4.0<img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/cc.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/by.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/nc.svg?ref=chooser-v1"></a></p>