Skip to content

Ransomwhe.re – a newly launched, crowdsourced ransom payments tracker

  • by
ransomwhe.re OSINT

Ransomware attacks continue to dominate the 2021 threat landscape, edging closer and closer to being deemed a state security problem in the Western world.

Acts of extortion arising from the rogue usage of data encryption algorithms may soon be treated on par with terrorism, as currently there seem to be no other type of a cyber attack that can affect the lives of so many people and the functioning of so many institutions.

Two months ago I wrote a quick set of tips on how to protect yourself from ransomware – but unfortunately prevention is never enough.

And that’s where Ransomwhe.re steps in: the first crowdsourced and free to use platform for collecting and collating information related to the payments of online ransoms.

The idea of the platform is simple – ransomware victims (or researchers) can upload information regarding the ransom demands they were hit with, including the following:

  • The BTC addresses that the attackers gave their victims for payment
  • The ransomware family (only if known)
  • The amount of BTC the extertionists are demanding
  • Screenshot of the payment page
  • The ransom note
  • Links to public sources like reports or published research

The last three from the above list are meant to prevent abuse and generating fake reports.

The public availability of all the data will allow it to be cross-examined and verified. The creator of the site states that untruthful reports are going to be removed.

Any user can contribute to Ransomwhe.re by reporting BTC addresses connected to ransomware attacks. Anybody can also download the website’s data in .json format.

The creator of Ransomwhe.re is Jack Cable and here is how he explains the reason behind his project:

“Today, there’s no comprehensive public data on the total number of ransomware payments. Without such data, we can’t know the full impact of ransomware, and whether taking certain actions changes the picture. Ransomwhere aims to fill that gap by tracking bitcoin transactions associated with ransomware groups. It’s public, so anyone can view and download the data. And it’s crowdsourced, so anyone can submit reports of ransomware they’ve been infected with or otherwise observed.”

Thanks to the public availability of the Bitcoin blockchain and its nature as a distributed ledger, tracking ransomware funds should be made that bit easier – especially when combined with another public (albeit centralised) repository that hopefully will gather momentum.

PS. For BTC related OSINT, check out my previous post here.

Leave a Reply

Your email address will not be published. Required fields are marked *