Ransomware Intelligence Tool - Designed for threat intelligence, security research, and situational awareness
Project description
ransomwatch - Ransomware Intelligence Tool
A Python tool for ransomware threat intelligence and security research.
Legal Notice & Ethical Use
For legitimate security research and threat intelligence only. All data is sourced exclusively via read-only API queries to ransomware.live -- no direct interaction with ransomware infrastructure.
This tool must not be used for:
- Targeting, extorting, or further victimizing affected organizations
- Interfering with law enforcement investigations or incident response
- Any purpose that violates applicable laws (GDPR, CCPA, computer fraud statutes)
By using this tool, you agree to comply with all applicable laws in your jurisdiction.
Quick Start
pip install ransomwatch
export RANSOMWATCH_API_TOKEN="your-token-here"
ransomwatch groups
Get your API token from ransomware.live.
Commands
| Command | Description | Example |
|---|---|---|
groups |
List active ransomware groups with risk levels | ransomwatch groups |
recent |
Show recent ransomware incidents | ransomwatch recent -l 20 |
info |
Get detailed threat actor intelligence | ransomwatch info --group akira |
stats |
Show threat landscape statistics | ransomwatch stats |
validate |
Validate API key | ransomwatch validate |
sectors |
List industry sectors impacted | ransomwatch sectors |
csirt |
Get CSIRT/CERT contacts by country | ransomwatch csirt --country US |
victims |
List ransomware victims with filters | ransomwatch victims --country US |
iocs |
Show indicators of compromise | ransomwatch iocs --group Akira |
yara |
Show YARA detection rules | ransomwatch yara --group Akira |
8k |
Show SEC 8-K cybersecurity filings | ransomwatch 8k --year 2025 |
All commands support --json for machine-readable output and --verbose for debug logging. See ransomwatch --help for all options.
Installation
# PyPI (recommended)
pip install ransomwatch
# Development
git clone https://github.com/yannickboog/ransomwatch.git
cd ransomwatch
pip install -e .
Requirements
- Python 3.8+
- API token from ransomware.live
License
MIT License - see LICENSE file for details.
Data source: ransomware.live
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ransomwatch-1.7.0.tar.gz.
File metadata
- Download URL: ransomwatch-1.7.0.tar.gz
- Upload date:
- Size: 20.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2bc6df41a6f87efbc97faf77d4557f614e67ddcc3aa39c221c77580b15568f28
|
|
| MD5 |
e64f389006d7902d6552563f53c88e2d
|
|
| BLAKE2b-256 |
ea788cf18677c84873518e76f26dd36654095b51f3327eb78cfc8cf2cf31f723
|
File details
Details for the file ransomwatch-1.7.0-py3-none-any.whl.
File metadata
- Download URL: ransomwatch-1.7.0-py3-none-any.whl
- Upload date:
- Size: 23.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1ae89392595cbe9169e816cc21694979816437d4627698c01a22121ed14c88b6
|
|
| MD5 |
64357b6a251adc18d69727248cba1ca0
|
|
| BLAKE2b-256 |
993f83b4041c210f2dd2fab6c508c488d187ae93c78c0bdec256b71cacb58b0d
|
