Cryptocurrency addresses linked to payments for ransomware attacks
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
Cryptocurrencies have, in recent years, become a common method to transact ransom payments in such attacks. The ransomwhe.re site collects addresses (accounts) that are known to be linked to these payments.
Targets: | 7,460 | ||
---|---|---|---|
Entity types: |
| ||
Coverage: |
| ||
Publisher: | ransomwhe.re / Jack Cable | ||
Information: | ransomwhe.re | ||
Source data: | api.ransomwhe.re (JSON) | ||
Collections: | in Due Diligence List · Warrants and Criminal Entities | ||
Last changed: |
Downloads contain the full set of entities contained in this dataset. You can fetch a simplified tabular form, or detailed, structured data in JSON format. Updated files will be provided once a day at the same location.
File name | Export type | Size | |
---|---|---|---|
entities.ftm.json | FollowTheMoney entities | 4 MB | |
names.txt | Target names text file | 1 kB | |
source.json | Source data | 4 MB | |
targets.nested.json | Targets as nested JSON | 4 MB | |
targets.simple.csv | Targets as simplified CSV | 2 MB |
Help: Using the data · format reference · identifier use · commercial licensing
You can query the data in this dataset via the application programming interface (API) endpoints below. Please read the introduction for documentation and terms of service. See also: OpenAPI Specification (JSON)
Use the Reconciliation API in OpenRefine: | |
For full-text search, use the /search endpoint: | |
For entity matching, use the /match endpoint: |