Real-time ransomware intelligence for everyone
Ransomwhere.org is an open, non-profit ransomware intelligence platform that aggregates data from multiple free sources to provide a comprehensive view of the global ransomware landscape. We believe transparency and awareness are the first lines of defense against ransomware threats.
Primary data source for victim disclosures and group tracking. Continuously monitors ransomware gang leak sites. Provides the free API v2 powering our dashboards, feeds, and group profiles.
ransomware.live (opens in new tab) →Crowdsourced ransomware payment tracking. Tracks Bitcoin addresses associated with ransomware payments. Powers the Payment Tracker page.
ransomwhe.re (opens in new tab) →Techniques, Tactics, and Procedures (TTPs) mapped from the MITRE ATT&CK knowledge base. Used to catalog ransomware family behaviors on the TTPs page.
attack.mitre.org (opens in new tab) →Ransomware-filtered news aggregated from 30+ RSS feeds across leading cybersecurity outlets and vendor research blogs. Includes BleepingComputer, The Record, Krebs on Security, The DFIR Report, CISA Advisories, DataBreaches.net, Dark Reading, SecurityWeek, Unit 42, Talos Intelligence, Microsoft Security, CrowdStrike, Sophos, Mandiant, and more.
Europol-led initiative providing free decryption tools for known ransomware families. Powers the ransomware identification and decryptor lookup features.
nomoreransom.org (opens in new tab) →Indicators of Compromise (IoCs) from ThreatFox, MalwareBazaar, URLhaus, and Feodo Tracker. Provides real-time malware sample and C&C tracking data.
abuse.ch (opens in new tab) →All data is sourced from publicly available APIs and open-source intelligence.
This platform is for informational and defensive purposes only.