Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

About Ransomware.live

What is Ransomware.live?

Ransomware.live is a free, independent, and continuously updated threat intelligence platform tracking ransomware groups and their victims worldwide. It passively monitors ransomware groups' Data Leak Sites (DLS), aggregates publicly disclosed victim data, and presents it in a structured, actionable format — no paywall, no ads, no corporate backing.

The platform serves cybersecurity professionals, journalists, researchers, and incident responders who need reliable, real-time situational awareness of the ransomware landscape. It does not host or distribute any leaked data, and does not engage in speculation or intrusion — only what is already publicly visible on the internet.

Author

Julien Mousqueton

Field CISO EMEA at Cohesity  ·  Lecturer in Cyber Security at École 2600  ·  Civilian Cyber Reservist, OFAC – Anti-Cybercrime Office, National Directorate of Judicial Police

Ransomware.live is a personal project built and maintained independently, outside of working hours. It is not affiliated with or endorsed by his employer.

LinkedIn @julien.io Resume Cohesity

Access the Data

Live site ransomware.live
RSS feed Real-time victim updates
JSON database data.ransomware.live
Public API Integrate into your tooling

Sources & Credits

Ransomware.live enriches its data thanks to the work of these researchers and organizations:

Zscaler ThreatLabz — ransomware profiles and ransom notes
Valéry Rieß-Marchive — cyberattack reporting and negotiation chat data
Will Thomas — Ransomware Tools Matrix and Vulnerability Matrix
Crocodyli — MITRE ATT&CK TTP mapping
Hudson Rock — infostealer attribution and enrichment
Support the project

Hosting, the domain, and AI enrichment all have a cost. If Ransomware.live has been useful to you, consider buying a coffee — it keeps the site independent and free for everyone.

Buy a coffee

Need Privacy? Contact Us Securely

If you need to reach us confidentially — to report sensitive information, raise a privacy concern, or share threat intelligence discreetly — please use our PGP-encrypted email.

supportransomware.live 
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEaglsChYJKwYBBAHaRw8BAQdAKctkDptJn2f3RlhUfCKYf4M55rg1oELxvuci
1LBfrwi0K0p1bGllbiBNb3VzcXVldG9uIDxzdXBwb3J0QHJhbnNvbXdhcmUubGl2
ZT6ItQQTFgoAXRYhBO13cCktJkFA3XKWLeXBpZPqkZyRBQJqCWwKGxSAAAAAAAQA
Dm1hbnUyLDIuNSsxLjEyLDAsMwIbIwUJA8JnAAULCQgHAgIiAgYVCgkICwIEFgID
AQIeBwIXgAAKCRDlwaWT6pGckankAP972m77YldCGjJAs7jJIWLkj+UyAUwWyUXs
k51GYpZdAgEAwTtL+2/j6G3XdNslV93Pvx6VL1qvGYe7rxabaioDlAG4OARqCWwK
EgorBgEEAZdVAQUBAQdAyEC4zK4OsT4/Q05nsB+AUv/WpHknn87dMm1SSN0i0zID
AQgHiJoEGBYKAEIWIQTtd3ApLSZBQN1yli3lwaWT6pGckQUCaglsChsUgAAAAAAE
AA5tYW51MiwyLjUrMS4xMiwwLDMCGwwFCQPCZwAACgkQ5cGlk+qRnJFHHwD/Uzi8
UQfogQfdHEOQ6c+7vwyCVfitWnqBHFQxeu5EsgYA/2K9Hi9szWrHsw7KxUPgVYeC
u9dBSD2LS3r80dd2aPkL
=SWfd
-----END PGP PUBLIC KEY BLOCK-----

Legal Disclaimer

Ransomware.live does not host or distribute any leaked data. All content is derived from:

  • Public disclosures by ransomware groups on their Data Leak Sites (DLS)
  • Open-source cybersecurity research and threat intelligence feeds
  • Press coverage and public incident reports

The platform does not encourage or facilitate cybercrime. Its sole purpose is transparency and awareness.

For the full legal disclaimer, see ransomware.live/disclaimer.

If you believe a published item is incorrect or raises a privacy concern, contact supportransomware.live. Requests are evaluated in accordance with the project's ethical guidelines.