Ransomware Site Monitoring

What is this about?

Ransomware hackers have escalated their extortion strategies by stealing files from victims before encrypting their data. These stolen files are then used as further leverage to force victims to pay. Many ransomware hackers have created data leak sites to publicly shame their victims and publish the files they stole. Here is a sample site:

Here is a list of sites on the dark web that publish ransomware leaks: https://github.com/joshhighet/ransomwatch/blob/main/docs/INDEX.md

Kaduu is monitoring the following sites:

Why is it useful to monitor this?

One would expect that the company affected by a ransomware attack would be the first to know about it. However, there are scenarios in which monitoring is still useful:

a) Some companies are decentralized with different subsidiaries. The flow of information to a central location does not always work. In such cases, monitoring helps to keep track of the situation, even if a remote office abroad is affected by an attack.

b) It makes sense to also include suppliers and partners in the monitoring. For example, if a partner is hit by a ransomware attack, the company itself may also be affected. Your own company can also be mentioned in the data of the attacked company (price lists, email communication, contracts, etc.).
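The kind of watchlist check that scenarios a) and b) call for, as an added example (not Kaduu's code or API): it matches subsidiary and supplier names against leak-site victim listings, which often appear as bare domains. The record fields, group names and company names are constructed for illustration.

```python
import re

# Legal-form suffixes ignored when comparing names (illustrative, not exhaustive).
LEGAL_SUFFIXES = {"inc", "llc", "ltd", "gmbh", "ag", "corp", "co", "plc", "bv", "srl"}

def normalize(name):
    """Lower-case, strip URL scheme and 'www.', split into tokens, drop legal suffixes."""
    name = re.sub(r"^(https?://)?(www\.)?", "", name.lower())
    return [t for t in re.findall(r"[a-z0-9]+", name) if t not in LEGAL_SUFFIXES]

def matches(watch_name, post_title, min_joined_len=6):
    """True if a watched company name appears in a leak-site listing title."""
    w, p = normalize(watch_name), normalize(post_title)
    if not w:
        return False
    n = len(w)
    # Whole-token match: the watched tokens occur contiguously in the title.
    if any(p[i:i + n] == w for i in range(len(p) - n + 1)):
        return True
    # Domain-style listing without separators ("contosopharma.example").
    # Only for longer names, so short names like "ING" do not hit "shipping".
    joined = "".join(w)
    return len(joined) >= min_joined_len and any(joined in t for t in p)

def find_hits(watchlist, posts):
    """Return (watched name, relationship, group, title) for every match."""
    return [(name, rel, post["group"], post["title"])
            for post in posts
            for name, rel in watchlist.items()
            if matches(name, post["title"])]

# Constructed watchlist: own subsidiaries plus suppliers and partners.
WATCHLIST = {
    "Acme Logistics GmbH": "subsidiary",
    "Northwind Traders": "supplier",
    "ING": "partner",
    "Contoso Pharma AG": "supplier",
}
# Constructed leak-site listings (hypothetical record format).
POSTS = [
    {"title": "acme-logistics.com", "group": "examplegroup-a", "discovered": "2024-01-10"},
    {"title": "Northwind Traders Ltd.", "group": "examplegroup-b", "discovered": "2024-01-11"},
    {"title": "Shipping Partners Inc", "group": "examplegroup-a", "discovered": "2024-01-12"},
    {"title": "contosopharma.example", "group": "examplegroup-c", "discovered": "2024-01-13"},
]

if __name__ == "__main__":
    for hit in find_hits(WATCHLIST, POSTS):
        print(hit)
```

Every hit still needs analyst review, since unrelated companies can share a name.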

How to query?

You can simply enter the company name as the search criterion:

When you click on the results, you see which ransomware type was used and the link to the corresponding darknet website: