Ransomware Threat Intelligence: Tracking Attacks with RansomEye


RansomEye is a powerful tool built to monitor ransomware activities, specifically targeting Indonesia, by leveraging public threat intelligence data from ransomware.live. This project showcases how open-source threat intelligence can be localized to provide actionable insights for security professionals and researchers.

🔗 RansomEye Project: https://lnkd.in/gBsDKPnY
🔗 Open-Source Version: https://lnkd.in/g_cW4V6J

You Should Know:

1. How to Use the Ransomware.live API for Threat Intelligence

The ransomware.live API provides structured data on ransomware attacks, including victim details, ransomware families, and timelines. Here is how you can fetch and analyze this data:

Example API Call with `curl`:

curl -X GET "https://ransomware.live/api/v1/victims" -H "accept: application/json" | jq .

Filtering Data for Specific Country (Indonesia):

curl -s "https://ransomware.live/api/v1/victims" | jq '.[] | select(.country == "ID")'
2. Setting Up a Local Ransomware Monitoring Lab

To replicate RansomEye’s functionality, you can use Python to process and visualize ransomware data.

Python Script Example:

import requests
import pandas as pd

# Pull the full victim list; raise if the API answers with an error status
response = requests.get("https://ransomware.live/api/v1/victims", timeout=30)
response.raise_for_status()
data = response.json()

df = pd.DataFrame(data)
# Keep only victims whose country code is Indonesia (ISO 3166-1 alpha-2 "ID")
id_attacks = df[df['country'] == 'ID']
print(id_attacks[['name', 'discovered', 'group']])

3. Automating Alerts for New Attacks

Use Linux cron jobs to check for new ransomware victims periodically:

*/30 * * * * /usr/bin/curl -s "https://ransomware.live/api/v1/victims" | jq '.[] | select(.country == "ID")' >> /var/log/ransomware-id.log
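The cron line above appends every Indonesian victim to the log on each run, so the same record is written again every 30 minutes. The following added example (not code from RansomEye or the original post) turns the poll into a deduplicating check that only emits records it has not alerted on before and persists that state between runs. The field names name, discovered, group and country are taken from the page's own snippet and assumed to be what the endpoint returns; the sample payload is constructed for the offline demo, and the /tmp state path is an assumption.

```python
import json
import urllib.request
from pathlib import Path

# Constructed sample payload using the field names the page's snippet relies on
# (name, discovered, group, country); it is NOT real ransomware.live output.
SAMPLE_VICTIMS_JSON = json.dumps([
    {"name": "bank-example.example", "discovered": "2024-05-01 08:15:00",
     "group": "groupA", "country": "ID"},
    {"name": "retail-example.example", "discovered": "2024-05-01 09:40:00",
     "group": "groupB", "country": "ID"},
    {"name": "corp-example.example", "discovered": "2024-05-01 10:05:00",
     "group": "groupA", "country": "US"},
    # Same record repeated, as a re-poll of the feed would return it
    {"name": "bank-example.example", "discovered": "2024-05-01 08:15:00",
     "group": "groupA", "country": "ID"},
])


def fetch_victims(url: str, timeout: int = 30) -> list:
    """Online path: GET the victims endpoint (URL as given on the page) and parse JSON."""
    req = urllib.request.Request(url, headers={"accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def parse_victims(raw_json: str) -> list:
    """Offline path: parse an already-fetched JSON body (used with the constructed sample)."""
    data = json.loads(raw_json)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of victim records")
    return data


def victim_key(v: dict) -> str:
    """Stable identity for one record so re-polls do not re-alert on the same victim."""
    return "|".join(str(v.get(k, "")) for k in ("group", "name", "discovered"))


def new_victims(victims: list, seen: set, country: str = "ID") -> list:
    """Return records for `country` not yet in `seen` (oldest first) and mark them seen."""
    fresh = []
    for v in victims:
        if v.get("country") != country:
            continue
        key = victim_key(v)
        if key in seen:
            continue
        seen.add(key)
        fresh.append(v)
    fresh.sort(key=lambda rec: rec.get("discovered", ""))
    return fresh


def format_alert(v: dict) -> str:
    """One log line per new victim, stable enough to grep or ship to a SIEM."""
    return (f"{v.get('discovered', '?')} country={v.get('country', '?')} "
            f"group={v.get('group', '?')} victim={v.get('name', '?')}")


def load_seen(state_path: Path) -> set:
    """Keys already alerted on, persisted between cron runs as a JSON list (assumed format)."""
    if not state_path.exists():
        return set()
    return set(json.loads(state_path.read_text()))


def save_seen(state_path: Path, seen: set) -> None:
    state_path.write_text(json.dumps(sorted(seen)))


def run_check(victims: list, seen: set, country: str = "ID") -> list:
    """One polling cycle: returns alert lines for new victims and updates `seen` in place."""
    return [format_alert(v) for v in new_victims(victims, seen, country)]


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in fetch_victims(...) for a live poll.
    state = Path("/tmp/ransomware-id-seen.json")  # assumed state file location
    seen = load_seen(state)
    for line in run_check(parse_victims(SAMPLE_VICTIMS_JSON), seen):
        print(line)
    save_seen(state, seen)
```

Scheduled from cron in place of the raw curl pipeline, this prints only the records that are new since the last run, so a log line or SIEM event corresponds to one actual new victim rather than one poll.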

4. Analyzing Ransomware Groups with OSINT Tools

  • Maltego (for mapping attacker infrastructure)
  • SpiderFoot (automated OSINT reconnaissance)
  • MISP (threat intelligence sharing platform)

Install MISP on Ubuntu:

wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh

5. Defensive Measures Against Ransomware

  • Detect Suspicious File Changes (Linux):
    sudo find / -type f -mtime -1 -exec ls -la {} + | grep -E '\.(php|exe|js)$'

  • Windows Command to Check Ransomware Indicators (PowerShell; Event ID 4688 is only written when process-creation auditing is enabled):
    Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4688} | Where-Object {$_.Message -like "*ransom*"}

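As an added example that is not from the page or the RansomEye project, here is the same "recently modified files with a risky extension" check as the Linux find/grep line, written in Python so it can be scheduled alongside the monitoring lab. It matches the final extension exactly and case-insensitively (an unanchored pattern such as .(php|exe|js) would also flag names like image.php.bak), skips symlinks and unreadable paths, and builds its sample tree in a temporary directory with constructed mtimes.

```python
import os
import tempfile
import time
from pathlib import Path

# Extensions from the page's find/grep check; compared case-insensitively
SUSPICIOUS_EXTS = {".php", ".exe", ".js"}


def find_recent_suspicious(root, hours=24, exts=SUSPICIOUS_EXTS, now=None):
    """Sorted POSIX-style relative paths of regular files under `root` modified within
    the last `hours` whose final extension is in `exts`. Symlinks and entries that
    cannot be stat'ed are skipped rather than aborting the scan."""
    root = Path(root)
    now = time.time() if now is None else now
    cutoff = now - hours * 3600
    hits = []
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda _e: None):
        for name in filenames:
            p = Path(dirpath, name)
            if p.is_symlink():
                continue
            try:
                st = p.stat()
            except OSError:
                continue
            if st.st_mtime >= cutoff and p.suffix.lower() in exts:
                hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def build_sample_tree():
    """Constructed demo tree (not a real system) with mtimes chosen to exercise each branch."""
    root = tempfile.mkdtemp(prefix="ransom-demo-")
    now = time.time()
    files = {
        "web/index.php": now - 600,          # fresh + risky extension   -> reported
        "web/app.JS": now - 3600,            # fresh + risky, upper-case -> reported
        "docs/notes.txt": now - 60,          # fresh but benign extension -> ignored
        "old/legacy.exe": now - 3 * 86400,   # risky but 3 days old      -> ignored
        "web/image.php.bak": now - 120,      # '.bak' is the real extension -> ignored
    }
    for rel, mtime in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("demo")
        os.utime(p, (mtime, mtime))
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for rel in find_recent_suspicious(demo_root):
        print(rel)
```

Point find_recent_suspicious at a web root or share path and widen the hours window to match how often it runs; the returned list is what you would write to a log or feed to the SIEM mentioned in the takeaways below.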

What Undercode Say:

RansomEye demonstrates the importance of real-time threat intelligence in combating ransomware. By leveraging open-source tools and APIs, security teams can proactively monitor attacks. Key takeaways:
– Use automated scripts to track ransomware activity.
– Deploy SIEM solutions (like Splunk or ELK) for log analysis.
– Regularly backup critical data and test restoration.
– Apply network segmentation to limit ransomware spread.

Expected Output:

A structured, actionable report on ransomware threats, enriched with commands, scripts, and defensive techniques for cybersecurity professionals.


References:

Reported By: Ransomwarelive While – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
