Keep updated
Get in touch
Cryptocurrency addresses linked to payments for ransomware attacks
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
Cryptocurrencies have, in recent years, become a common method to transact ransom payments in such attacks. The ransomwhe.re site collects addresses (accounts) that are known to be linked to these payments.
| Entities: |
| ||||||
|---|---|---|---|---|---|---|---|
| Entity types: |
| ||||||
| Publisher: | Jack Cable · United States non-official source | ||||||
| Collections: | in OpenSanctions Default · Warrants and Criminal Entities | ||||||
| Information: | ransomwhe.re | ||||||
| Source data: | api.ransomwhe.re · JSON | ||||||
| Coverage: | added · frequency: weekly | ||||||
| Last processed: | 2025-07-07 02:02:05 · v. 20250707020205-sxx | ||||||
| Last change: |
Downloads contain the full set of entities contained in this dataset. You can fetch a simplified tabular form, or detailed, structured data in JSON format. Updated files will be provided once a day at the same location.
| File name | Export type | Size | |
|---|---|---|---|
entities.ftm.json | FollowTheMoney entities | 5.52 MB | |
names.txt | Target names text file | 1.27 KB | |
senzing.json | Senzing entity format | 6.25 MB | |
source.json | Source data | 5.32 MB | |
targets.nested.json | Targets as nested JSON | 5.52 MB | |
targets.simple.csv | Targets as simplified CSV | 2.79 MB |
Help: Using the data · model reference · delta updates · support · change log · licensing
You can query the data in this dataset via the application programming interface (API) endpoints below. Please read the introduction for documentation and terms of service.
| Use the Reconciliation API in OpenRefine: | |
For full-text search, use the /search endpoint: | |
For entity matching, use the /match endpoint: |
The following targeted entities have been added to this data source most recently:
| Added | Name | Type | Countries |
|---|---|---|---|
| bc1q0lwpz2yufw3x9as6f679lwk8jx43g44683x5mc | Cryptocurrency wallet | ||
| bc1q4my6vqq8cg689drf9jccqudjclv67sz4cudkyd | Cryptocurrency wallet | ||
| bc1q9wnp6k7xxdqkdv4fa5ceyhv08espuskhu8ghq2 | Cryptocurrency wallet | ||
| bc1qfdzu6uv2nek524pe7lz4w0mxtt9898vfaegdaj | Cryptocurrency wallet | ||
| bc1qhzd63mz9mfucak7yzfn65p6rcsgztnsqr3dak8 | Cryptocurrency wallet | ||
| bc1qknumj4326runqxfr58kg0s7v7gu9y5v5t9uv6h | Cryptocurrency wallet | ||
| bc1qqrsd02sqthm8gej8lfesgpx82saw7q2g5pjtah | Cryptocurrency wallet | ||
| bc1qr0txunr259we37wer7w6et33qyq0n6hv83pw24 | Cryptocurrency wallet | ||
| 1261hYzcQ3gz8c57a8SVuwRqUYWKRcoLzo | Cryptocurrency wallet | ||
| 12A7aeXy8gXU5cfxfuVojwnUth1bS7uAU9 | Cryptocurrency wallet | ||
| 12FLPnExSQEpbhdtcFNChWniZ9PhXtu7fS | Cryptocurrency wallet | ||
| 12ua6vu4ty14dmWTQavbeDqUzUuX1t5kfb | Cryptocurrency wallet | ||
| 12Z7w1USU8f3u6uAzRQxK2bXxvNf48vC1h | Cryptocurrency wallet | ||
| 13fjdVAsFjHaSSBdhWpQ1WgmPZV2hKba53 | Cryptocurrency wallet | ||
| 13RCG5pSvANFiojjembTQpN7DqS5uZLvDo | Cryptocurrency wallet |
OpenSanctions is free for non-commercial users. Businesses must acquire a data license to use the dataset.