• As you know, ransomware has become an inevitable, “background” reality for many companies around the world — and successful attacks and multi-million ransoms only fuel this sector.
• Ransomware distribution schemes vary: some choose very unique methods, while others stick to standard options. However, both achieve a successful (for the attackers) result and encrypt the data.
• This publication presents a number of useful sources that will help you learn a lot about ransomware and learn how to search for useful information during incident investigations:
• Intelligence:
➡ Ransomlook - content repository (forums, leaks, profiles of members of various groups, and much more).
➡ DeepdarkCTI - information about current threats and hacker groups; lets you study the goals, tactics, methods, and tools used at the reconnaissance and penetration stages.
➡ ID Ransomware - blog of an independent expert. You can find information on lesser-known groups and attacks. The presentation of the material is peculiar, but you can find something useful.
➡ Ransomware.Live - news about ransomware groups, their victims and correspondence with them, as well as well-designed statistics and infographics.
➡ Ransomwarehelp on Reddit - a community on Reddit with useful content and up-to-date information.
➡ No More Ransom - a resource from Europol with useful tips on preventing ransomware. They have free decryptors for many strains of ransomware that have been reverse-engineered by Europol experts.
➡ Ransomware Map - visualization of major ransomware attacks throughout time.
• Crypto:
➡ Ransomwhere - a site that allows you to track all ransoms of ransomware victims.
➡ opensanctions - a database of individuals and companies that are subject to sanctions or are of economic and political interest.
➡ Chainabuse - A platform for reporting on blockchain abuse.
➡ BitcoinHeist Ransomware Dataset - A collection of BTC addresses that have appeared in various old reports and studies. Quite old content and not very useful for researchers at the moment, but can be used for historical context.
• News and Blogs:
➡ CISA Alerts & Advisories - The US Cybersecurity Agency. There is a lot of content here, so use the filters when searching for news and other information.
➡ Halcyon Power Rankings - quarterly reports from the world of ransomware are published here.
➡ Ransom Groups DarkFeed - quarterly statistics of various groups and attacks.
• Other useful resources:
➡ Ransomchats - the authors collect evidence using parsers and post it on the site. Each contact with a group is formatted as a JSON file. Usually the names of the victim companies are not given; in any case, they remain anonymous until the media or the attackers report on the incident.
➡ Tidalcyber - tactics, techniques and procedures attributed to specific ransomware groups. The information is presented in a structured, well-designed matrix, with evidence and Sigma rules.
➡ Ransomware Architecture - how hackers encrypt a huge amount of data in a matter of minutes...