'Ransomwhere', a website that tallies the ransoms paid to ransomware
Cyber attacks using 'ransomware', which forcibly restricts access to a system and demands a ransom, are increasing. To make the damage caused by such ransomware visible, Jack Cable, who has a history of identifying more than 350 vulnerabilities in Google, Facebook, Uber, Yahoo, the US Department of Defense, etc., has released 'Ransomwhere', a site that records crowdsourced ransom payment data.
Ransomwhere is a site that summarizes ransom payment information reported by users; its name combines 'Ransomware' and 'Where'. When you access it, the total ransom amount is listed at the top of the front page. As of July 12, 2021, the total amount of ransom paid to ransomware so far is $60,684,126.27 (about 6,680 million yen).
You can change the aggregation period by clicking 'all time' below the total. Clicking 'this year' shows that, as of July 12, 2021 has seen damage of 33,238,594.80 dollars (about 3.66 billion yen).
Below that is a summary of the ransom payment information reported by users. 'Browse ransomware data' shows the total damage for each ransomware family as a graph.
'Netwalker (Mailto)', which has the highest total damage, is a ransomware family known for a dedicated leak portal with a 'timed disclosure function' that automatically publishes stolen data when the deadline passes; its total damage is about 28 million dollars (3.08 billion yen). In second place is 'REvil / Sodinokibi', which demanded 50 million dollars (about 5.4 billion yen) from Acer, with total damage of about 11.3 million dollars (1.24 billion yen).
'Latest transactions' records the details of the ransom payments reported by users. Family is the name of the ransomware, Address is the virtual asset address to which the ransom was transferred, Date is the date, Amount (BTC) is the amount of Bitcoin transferred, and Hash is the transaction hash.
'Latest reports' summarizes information published by companies. Created is the date and time the information was disclosed, Family is the ransomware name, Address is the virtual asset address, and Source is the URL where the information was released.
'Report ransomware addresses' allows you to report ransomware damage. Ransomwhere is a crowdsourced site based on user reports, so the information provided is not 100% accurate, but you must attach a screenshot of the ransom demand when reporting, and the administrators will delete reports that appear to be false.
The FAQ's 'Why track ransomware payments?' section explains the significance of continuing to collect ransomware damage information: 'Transparency is very important to assess the spread of ransomware and the effectiveness of countermeasures. Fortunately, the transparency of Bitcoin allows you to track payments by knowing the receiving address. By crowdsourcing ransomware payees, we want to provide an open resource to the security community and the general public.'