Ransomwhere.org

Live Map Latest Victims Groups

Payments TTPs Identify News Data API

LIVE

Ransomwhere.org

Real-time ransomware intelligence platform. Tracking threat actors, victims, and payments to raise awareness and help defend against ransomware attacks worldwide.

Platform

Live Map
Latest Victims
Groups
Payments
Identify
News

Resources

Data & Methodology
API Docs
NoMoreRansom
Ransomware.live
CISA Advisories

Data sourced from Ransomware.live API. For informational purposes only.

© 2026 Ransomwhere.org

rook

Inactive

According to PCrisk, Rook is ransomware (an updated variant of Babuk) that prevents victims from accessing/opening files by encrypting them. It also modifies filenames and creates a text file/ransom note (HowToRestoreYourFiles.txt). Rook renames files by appending the .Rook extension. For example, it renames 1.jpg to 1.jpg.Rook, 2.jpg to 2.jpg.Rook.

9

Victims

1

Sites

Known Leak Sites

gamol6n6p2p4c3ad7gxmx3ur7wwdwlywebo2azv3vv5qlmjmole2zbyd.onionDLS

Victims (9)

Live

Abdi ibrahim

Evalueserve

DENSO

Data breach summary

Rossell Techsys(Data will be given tomorrow)

KMG Prestige, Inc. (Data will be given tomorrow)

Rosendahl Design Group

Rossell Techsys

KMG Prestige, Inc.

Top Targeted Countries

Unknown9

Activity

Total victims9

Countries affected1

Last seen