API Documentation

Ransomware.live API Documentation (v2)

Gain programmatic access to ransomware victim data, group details, cyberattacks, and intelligence.
Base URL: https://api.ransomware.live/v2

Sample Fields in Victim Records

victim: Name of the organization

group: Ransomware group name

attackdate: Date of the ransomware incident

country: ISO-2 code of victim's country

infostealer: Dictionary of compromised data (users, employees, etc.)

press: List of press sources linked to the victim

updates: List of related incident updates

Authentication: No authentication is required to use the Ransomware.live API. All endpoints are publicly accessible. However, usage may be rate-limited to ensure fair access and platform stability.

Available Endpoints

Method	Endpoint	Description
GET	`/info`	Basic API metadata
GET	`/recentvictims`	Latest disclosed victims
GET	`/group/<group_name>`	Details about a specific group
GET	`/groups`	List of all ransomware groups
GET	`/allcyberattacks`	All known cyberattacks
GET	`/recentcyberattacks`	Recently added cyberattacks
GET	`/groupvictims/<group_name>`	Victims claimed by a group
GET	`/searchvictims/<keyword>`	Search for victims by keyword
GET	`/countrycyberattacks/<code>`	Cyberattacks in a country (ISO2)
GET	`/countryvictims/<code>`	Victims in a specific country
GET	`/victims/<year>/<month>`	Victims by year and month
GET	`/sectorvictims/<sector>`	Victims in a sector
GET	`/sectorvictims/<sector>/<countrycode>`	Victims in a sector and country
GET	`/certs/<country_code>`	National CERT contact for a country
GET	`/yara/<group_name>`	YARA rules associated with a group

Error Handling

200 OK: Success

400 Bad Request: Invalid parameters

404 Not Found: Endpoint or record not found

429 Too Many Requests: Rate limit exceeded

500 Server Error: Unexpected server error