JSON

ransomwhe.re ransomware addresses

Cryptocurrency addresses linked to payments for ransomware attacks

Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.

Cryptocurrencies have, in recent years, become a common method to transact ransom payments in such attacks. The ransomwhe.re site collects addresses (accounts) that are known to be linked to these payments.

Data overview

Targets:7,460
Entity types:
Cryptocurrency wallets7,460
Coverage:
0 countries · Show overview...
Publisher:ransomwhe.re / Jack Cable

Information:ransomwhe.re
Source data:api.ransomwhe.re (JSON)
Collections:in Due Diligence List · Warrants and Criminal Entities
Last changed:

Bulk download

Downloads contain the full set of entities contained in this dataset. You can fetch a simplified tabular form, or detailed, structured data in JSON format. Updated files will be provided once a day at the same location.

File nameExport typeSize
entities.ftm.jsonFollowTheMoney entities4 MB
names.txtTarget names text file1 kB
source.jsonSource data4 MB
targets.nested.jsonTargets as nested JSON4 MB
targets.simple.csvTargets as simplified CSV2 MB

Help: Using the data · format reference · identifier use · commercial licensing

Using the API

You can query the data in this dataset via the application programming interface (API) endpoints below. Please read the introduction for documentation and terms of service. See also: OpenAPI Specification (JSON)

Use the Reconciliation API in OpenRefine:
For full-text search, use the /search endpoint:
For entity matching, use the /match endpoint: