ransomwhe.re ransomware addresses
Cryptocurrency addresses linked to payments for ransomware attacks
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
Cryptocurrencies have, in recent years, become a common method to transact ransom payments in such attacks. The ransomwhe.re site collects addresses (accounts) that are known to be linked to these payments.
Data overview
| Targets: | 7,460 | ||
|---|---|---|---|
| Entity types: |
| ||
| Coverage: |
| ||
| Publisher: | ransomwhe.re / Jack Cable | ||
| Information: | ransomwhe.re | ||
| Source data: | api.ransomwhe.re (JSON) | ||
| Collections: | in Due Diligence List · Warrants and Criminal Entities | ||
| Last changed: | |||
Bulk download
Downloads contain the full set of entities contained in this dataset. You can fetch a simplified tabular form, or detailed, structured data in JSON format. Updated files will be provided once a day at the same location.
| File name | Export type | Size | |
|---|---|---|---|
entities.ftm.json | FollowTheMoney entities | 4 MB | |
names.txt | Target names text file | 1 kB | |
source.json | Source data | 4 MB | |
targets.nested.json | Targets as nested JSON | 4 MB | |
targets.simple.csv | Targets as simplified CSV | 2 MB |
Help: Using the data · format reference · identifier use · commercial licensing
Using the API
You can query the data in this dataset via the application programming interface (API) endpoints below. Please read the introduction for documentation and terms of service. See also: OpenAPI Specification (JSON)
| Use the Reconciliation API in OpenRefine: | |
For full-text search, use the /search endpoint: | |
For entity matching, use the /match endpoint: |
