Ransomwhere.org

Live Map Latest Victims Groups

Payments TTPs Identify News Data API

LIVE

Ransomwhere.org

Real-time ransomware intelligence platform. Tracking threat actors, victims, and payments to raise awareness and help defend against ransomware attacks worldwide.

Platform

Live Map
Latest Victims
Groups
Payments
Identify
News

Resources

Data & Methodology
API Docs
NoMoreRansom
Ransomware.live
CISA Advisories

Data sourced from Ransomware.live API. For informational purposes only.

© 2026 Ransomwhere.org

Groups/wannacry

wannacry

Inactive

WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system. At its peak in May 2017, WannaCry became a global threat. Cybercriminals used the ransomware to hold an organization's data hostage and extort money in the form of cryptocurrency. WannaCry spreads using EternalBlue, an exploit leaked from the National Security Agency (NSA). EternalBlue enables attackers to use a zero-day vulnerability to gain access to a system. It targets Windows computers that use a legacy version of the Server Message Block (SMB) protocol.

33

Victims

1

Sites

Known Leak Sites

none.DLS

Victims (33)

Live

State of Connecticut (12 State Agencies, including the Department of Administrative Services)

Becker County

Murfreesboro PD and FD

Honda Motor Co.

Telkom

Rensselaer County Library

National Health Service (NHS) UK

Telefonica

Renault

FedEx

Nissan

Russia Central Bank

Russian Railways

Russian Interior Ministry

Iberdrola

Indian police in the state of Andhra Pradesh

MegaFon

Sberbank

Thailand Digital Billboard

Singapore shopping mall

Chinese Police

Bank Of China

China gas stations

Chinese traffic police, immigration and public security bureaus

Sandvik

Top Targeted Countries

United States6

CN4

Unknown3

RU3

Brazil3

Activity

Total victims33

Countries affected16

Last seen