Two years have passed since I published my last project, SSLBL. The past years have been very busy, so I couldn’t find any time for neither expansion of existing projects nor coming up with any new ones. However, in the past months I’ve seen so many people becoming victims of Ransomware, which motivated me to spend my time for a new project. Today I’m happy to announce my newest project, introducing: Ransomware Tracker.
- Providing an overview on internet infrastructure used by cybercriminals for their Ransomware operations
- Providing hosting- and internet service providers (ISPs), law enforcement agencies (LEA) and national CERTs/CSIRTs intel on such infrastructure within their consticuency
- Offering blocklists for internet users, enterprises and antivirus vendors and security solution providers
- Giving internet users and enterprises a brief overview on Ransomware mitigation strategies
At the moment, Ransomware Tracker tracks the following Ransomware families:
More Ransomware families will be added to Ransomware Tracker in the future.
As for all of my tracking projects, Ransomware Tracker needs as much data as possible. New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be send to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.
I also want to thank Shadowserver for donating a hosting plan for Ransomware Tracker. In addition, I would like to thank My Online Security, TechHelpList.com and Dynamoo for their blogging efforts about new malware campaigns.