API Documentation



How to Use the Ransomware.live API for Comprehensive Intel Retrieval

Introduction

The Ransomware.live API provides a robust interface to access data on ransomware activities, including recent posts, ransomware groups, cyberattacks, and more. Below, you’ll find instructions on how to use the Version 2 (v2) API to access various types of intel, complete with endpoint details and example requests.

Prerequisites

Base URL

The base URL for the API is:

https://api.ransomware.live/v2/

Endpoints

1. Retrieve Recent Posts

Endpoint: /v2/recentvictims

Description: Retrieves the 100 most recent posts related to ransomware victims.

Rate Limit: 1 request per minute.

curl -X GET "https://api.ransomware.live/v2/recentvictims" -H "accept: application/json"

2. Retrieve All Ransomware Groups

Endpoint: /v2/groups

Description: Fetches information about all known ransomware groups, including details on the tools and TTPs they use.

curl -X GET "https://api.ransomware.live/v2/groups" -H "accept: application/json"

3. Retrieve Specific Ransomware Group Details

Endpoint: /v2/group/<group_name>

Description: Retrieves details for a specified ransomware group by name, including tools and TTPs.

curl -X GET "https://api.ransomware.live/v2/group/REvil" -H "accept: application/json"

4. Retrieve Ransomware Incidents by Date

Endpoint: /v2/victims/<year> or /v2/victims/<year>/<month>

Description: Fetches ransomware incidents based on the specified year and optional month.

curl -X GET "https://api.ransomware.live/v2/victims/2023/06" -H "accept: application/json"

5. Retrieve Cyberattacks by Country

Endpoint: /v2/countrycyberattacks/<country_code>

Description: Retrieves cyberattacks that have targeted a specific country, identified by its country code.

curl -X GET "https://api.ransomware.live/v2/countrycyberattacks/US" -H "accept: application/json"

6. Retrieve Victims by Sector

Endpoint: /v2/sectorvictims/<activity> or /v2/sectorvictims/<activity>/<country_code>

Description: Fetches victims of a specific sector and optionally filters by country.

curl -X GET "https://api.ransomware.live/v2/sectorvictims/healthcare/US" -H "accept: application/json"

7. Search Victims

Endpoint: /v2/searchvictims/<query>

Description: Searches for victims matching a query string in their name or description.

curl -X GET "https://api.ransomware.live/v2/searchvictims/hospital" -H "accept: application/json"
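The following Python sketch is an added example, not code from Ransomware.live. It builds the dated-victims and search URLs shown above with percent-encoded path segments, and spaces out calls to the rate-limited /v2/recentvictims endpoint. The helper names (victims_url, search_url, MinInterval, fetch) are hypothetical, and fetch returns the raw response body because this page does not describe the response format.

```python
import time
import urllib.request
from urllib.parse import quote

BASE = "https://api.ransomware.live/v2/"  # base URL given on the page

def _seg(value):
    """Percent-encode one path segment so '/', '?', '#' or spaces in
    caller input cannot change which endpoint is requested."""
    value = str(value).strip()
    if not value or value in (".", ".."):
        raise ValueError("empty or dot path segment")
    return quote(value, safe="")

def victims_url(year, month=None):
    """/v2/victims/<year>[/<month>], month zero-padded as in the curl example."""
    url = f"{BASE}victims/{int(year):04d}"
    if month is not None:
        if not 1 <= int(month) <= 12:
            raise ValueError("month must be 1-12")
        url += f"/{int(month):02d}"
    return url

def search_url(query):
    """/v2/searchvictims/<query> with the query kept inside one path segment."""
    return BASE + "searchvictims/" + _seg(query)

class MinInterval:
    """Client-side spacing for /v2/recentvictims (documented: 1 request per minute)."""
    def __init__(self, seconds=60.0, clock=time.monotonic, sleep=time.sleep):
        self.seconds, self.clock, self.sleep, self.last = seconds, clock, sleep, None

    def wait(self):
        """Sleep until the interval since the previous call has elapsed; return the delay."""
        now = self.clock()
        delay = 0.0 if self.last is None else max(0.0, self.seconds - (now - self.last))
        if delay:
            self.sleep(delay)
        self.last = now + delay
        return delay

def fetch(url, limiter=None, timeout=30):
    """GET with the accept header from the curl examples; returns the raw body bytes."""
    if limiter:
        limiter.wait()
    req = urllib.request.Request(url, headers={"accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()
```

Create one MinInterval instance and pass it as the limiter on every fetch of BASE + "recentvictims" so that repeated polling stays within the documented limit.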

Error Handling

The API provides detailed error messages:

Conclusion

Using the Ransomware.live API v2, you can gain access to critical ransomware intelligence quickly and efficiently. Be sure to handle your API requests responsibly, respecting rate limits and properly securing any sensitive data. For more information, refer to the official API documentation.