---

How to Use the Ransomware.live API for Comprehensive Intel Retrieval

Introduction

The Ransomware.live API provides a robust interface to access data on ransomware activities, including recent posts, ransomware groups, cyberattacks, and more. Below, you’ll find instructions on how to use the API to access various types of intel, complete with endpoint details and example requests.

Prerequisites

• Basic knowledge of HTTP requests.
• An API client or tool, such as curl, Postman, or a suitable programming library like requests for Python.

Base URL

https://api.ransomware.live/v2

Victim Data Fields

• victim: Name of the victim organization.
• activity: Industry sector of the victim.
• attackdate: Date of the ransomware attack.
• claim_url: URL where the ransomware group claims the attack.
• country: Country of the victim organization.
• description: Description of the victim organization.
• discovered: Date when the attack was discovered.
• domain: Website domain of the victim.
• duplicates: List of duplicate victim entries, if any.
• group: Name of the ransomware group responsible.
• infostealer: Information about stolen credentials and accounts, including:
  • employees: Number of affected employees.
  • employees_url: Number of credential leaks containing employee-related data.
  • thirdparties: Number of affected third-party organizations.
  • thirdparties_domain: Number of credential leaks containing third-party domain data.
  • update: Last update timestamp of the infostealer data.
  • users: Number of unique affected users.
  • users_url: Number of unique credential leaks containing user data.
• press: Press coverage of the attack, including source link and summary (if not null):
• link: Link to Ransomware.live card.
• source: Link to the source.
• summary: Summary of the press article.
• screenshot: URL of the screenshot showing proof of the attack.
• url: Direct link to the victim’s entry on Ransomware.live.
• updates (optional): List of updates related to the victim, including:
  • date: Timestamp of the update.
  • description: Description of the update.
  • link: URL to the source of the update.

Base URL

https://www.ransomware.live/v2

Endpoints

Get API Information

GET /info

curl -X GET "https://api.ransomware.live/v2/info" -H "Accept: application/json"

Retrieve Recent Victims

GET /recentvictims

curl -X GET "https://api.ransomware.live/v2/recentvictims" -H "Accept: application/json"

Retrieve Specific Ransomware Group

GET /group/<group_name>

curl -X GET "https://api.ransomware.live/v2/group/conti" -H "Accept: application/json"

Retrieve All Groups

GET /groups

curl -X GET "https://api.ransomware.live/v2/groups" -H "Accept: application/json"

Retrieve All Cyberattacks

GET /allcyberattacks

curl -X GET "https://api.ransomware.live/v2/allcyberattacks" -H "Accept: application/json"

Retrieve Recent Cyberattacks

GET /recentecyberattacks

curl -X GET "https://api.ransomware.live/v2/recentcyberattacks" -H "Accept: application/json"

Retrieve Victims by Group

GET /groupvictims/<group_name>

curl -X GET "https://api.ransomware.live/v2/groupvictims/revil" -H "Accept: application/json"

Search Victims

GET /searchvictims/<keyword>

curl -X GET "https://api.ransomware.live/v2/searchvictims/bank" -H "Accept: application/json"

Retrieve Cyberattacks by Country

GET /countrycyberattacks/<country_code>

curl -X GET "https://api.ransomware.live/v2/countrycyberattacks/FR" -H "Accept: application/json"

Retrieve Victims by Country

GET /countryvictims/<country_code>

curl -X GET "https://api.ransomware.live/v2/countryvictims/US" -H "Accept: application/json"

Retrieve Victims by Year/Month

GET /victims/<year> or /victims/<year>/<month>

curl -X GET "https://api.ransomware.live/v2/victims/2024/01" -H "Accept: application/json"

Retrieve Victims by Sector

GET /sectorvictims/<sector> or /sectorvictims/<sector>/<countrycode>

curl -X GET "https://api.ransomware.live/v2/sectorvictims/healthcare" -H "Accept: application/json"

Retrieve CERTs by Country

GET /certs/<country_code>

curl -X GET "https://api.ransomware.live/v2/certs/DE" -H "Accept: application/json"

Error Handling

The API returns standard HTTP status codes:

• 200: Successful request
• 400: Invalid request parameters
• 404: Resource not found
• 429: Rate limit exceeded
• 500: Server error

Contact

For issues, please contact the maintainer or visit Ransomware.live.

Conclusion

Using the Ransomware.live API, you can gain access to critical ransomware intelligence quickly and efficiently. Ensure to handle your API requests responsibly, respecting rate limits and properly securing any sensitive data. For more information, refer to the official API documentation.