Introducing: Ransomware Tracker

Two years have passed since I published my last project, SSLBL. The past years have been very busy, so I couldn’t find any time for either expanding existing projects or coming up with new ones. However, in the past months I’ve seen so many people becoming victims of Ransomware, which motivated me to spend my time on a new project. Today I’m happy to announce my newest project, introducing: Ransomware Tracker.

Ransomware Tracker
The purpose of Ransomware Tracker is:

  • Providing an overview of internet infrastructure used by cybercriminals for their Ransomware operations
  • Providing hosting and internet service providers (ISPs), law enforcement agencies (LEA) and national CERTs/CSIRTs with intel on such infrastructure within their constituency
  • Offering blocklists for internet users, enterprises, antivirus vendors and security solution providers
  • Giving internet users and enterprises a brief overview of Ransomware mitigation strategies

At the moment, Ransomware Tracker tracks the following Ransomware families:

  • CryptoWall
  • TeslaCrypt
  • TorrentLocker
  • PadCrypt
  • Locky
  • CTB-Locker
  • FAKBEN

More Ransomware families will be added to Ransomware Tracker in the future.
As with all of my tracking projects, Ransomware Tracker needs as much data as possible. New submissions for Ransomware Tracker are warmly welcome. You can send new additions to rt-RintANel@abuse.ch (remove all letters in uppercase). Malware binaries that you suspect to be associated with a certain Ransomware family can be sent to rt-malwSOareM@abuse.ch (remove all letters in uppercase) for analysis.

I also want to thank Shadowserver for donating a hosting plan for Ransomware Tracker. In addition, I would like to thank My Online Security, TechHelpList.com and Dynamoo for their blogging efforts about new malware campaigns.

2 thoughts on “Introducing: Ransomware Tracker”

  1. Stephan

    Great service, we are using it to protect our school-proxy-server. Thank you very much for this!

    What I'm interested in: is it possible to provide an MD5 hash (md5sum) of the blocklists? This would improve the automation and reliability enormously!

    Thanks in advance 😉
