About

Purpose

The purpose of Ransomware.live is to shed light on the opaque and rapidly evolving world of ransomware by providing a transparent, accessible, and continuously updated inventory of ransomware-related activity.

As ransomware attacks grow in frequency, sophistication, and impact, defenders—whether cybersecurity professionals, journalists, researchers, or even victims—face increasing difficulty in tracking these incidents in real time. Ransomware.live bridges that gap by aggregating publicly disclosed victim data from multiple ransomware groups' Data Leak Sites (DLS), along with additional threat intelligence, and presenting it in a clear, organized, and actionable format.

The platform does not engage in speculation, sensationalism, or intrusion. Instead, it passively observes the threat landscape and reports what is already visible on the internet. The project serves as a historical ledger, threat intelligence feed, and situational awareness tool for those seeking to understand the scope and evolution of ransomware operations worldwide.

Whether you are building defensive tools, writing about cybercrime, conducting academic research, or simply monitoring the threat landscape, Ransomware.live provides a consistent and structured dataset you can rely on—without paywalls, ads, or corporate backing.

Author

Ransomware.live is a personal project developed and maintained by Julien Mousqueton, independently and outside of working hours. This initiative is not affiliated with, endorsed by, or representative of his current employer.

• 👨‍💼 CTO in Cyber Security 🛡 @ Computacenter
• 🎓 Lecturer in Cyber Security @ École 2600 🏴‍☠️
• 🔗 LinkedIn Profile
• 🌐 Bluesky: @julien.io
• 📄 Resume: cv.julien.io (also available in French / aussi disponible en français)

I'm currently open to job offers and excited to explore new opportunities. Don't hesitate to get in touch.

How to Get the Intel

• Watch the live updates directly on the site: ransomware.live
• Subscribe to the RSS feed for real-time victim updates.
• Download the full database in JSON format from data.ransomware.live
• Use the public API for integration into your own threat intelligence systems.

External Sources & Credits

Ransomware.live aggregates and enriches public data thanks to the work of numerous cybersecurity researchers and organizations:

• Zscaler ThreatLabz – for high-quality ransomware profiles and notes.
• Valéry Rieß-Marchive – for information about cyberattacks and leaked negotiation chats.
• Will Thomas – for the Ransomware Tools Matrix and Vulnerability Matrix.
• Crocodyli – for mapping Tactics, Techniques, and Procedures (TTPs).
• Hudson Rock – for infostealer data attribution and enrichment.

Want to Help Us?

You can support Ransomware.live by buying a coffee ☕. Your contribution helps cover the cost of hosting, the domain name, and AI requests used to complete and enrich the threat intelligence shared on the platform.
Thanks to everyone who already pitched in — you help keep the site alive, independent, and free for all.

Important Legal Disclaimer

Ransomware.live does not host or distribute any leaked data. All content is based on:

• Public information disclosed by ransomware gangs on their DLS (Data Leak Sites)
• Open-source media and cybersecurity research
• Press articles and threat intelligence feeds

The platform does not encourage or facilitate cybercrime. Its sole purpose is transparency and awareness.

If you believe that a published item is incorrect or violates privacy, please contact support@ransomware.live. Requests will be evaluated in accordance with the project’s ethical guidelines.