INFO: Ransomware Victim Report

DESCRIPTION LAST UPDATED: 2024-01-11

DEFAULT SEVERITY LEVEL: INFO

This report lists recent ransomware victims published by ransomware actors on their public data leak sites. Unlike most of our reports which are fully automated, the data in this report is manually processed for verification and enrichment purposes, which may introduce a delay in reporting. A link to the source is included, to enable independent confirmation. Note that the location data is the result of our manual enrichment, not the usual automatic mapping processes, and sector codes are manually assigned based on US NAICS codes.

This report is only shared with National CSIRTs and LE agencies, for informational and awareness purposes.

Severity levels are described here.

This report is released as part of the EU ISF MISP-LEA project.

Filename prefix: ransomware_victim.

Fields

  • timestamp
    The timestamp when we checked the public data leak site and found the entry (UTC+0)
  • entity_name
    The ransomware victim
  • website
    Website of the victim
  • geo
    Country of the victim (main place of business)
  • region
    Region of the victim
  • sector
    Industry sector of the victim (manually assigned based on US NAICS codes)
  • date_published
    Date information on the breach was published by the ransomware actor
  • ransomware
    Name of the ransomware actor
  • leak_site_url
    URL of the public data leak site (where the information was published)
  • severity
    Severity level (of the report)
  • actor_geo_stats_30d
    Count of how many other victims were publicly leaked by the same ransomware actor in the country of the victim during the past 30 days
  • actor_total_stats_30d
    Count of how many other victims were publicly leaked by the same ransomware actor worldwide during the past 30 days

Sample

"timestamp","entity_name","website","geo","region","sector","date_published","ransomware","leak_site_url","severity","actor_geo_stats_30d","actor_total_stats_30d"
"2010-02-10 00:00:00","Victim 1",http://one.example.com/,ZZ,Region,"Accommodation and Food Services","2010-02-10 00:00:00",Actor,http://actor.onion,info,3,3
"2010-02-10 00:00:01","Victim 2",http://two.example.com/,ZZ,Region,Information,"2010-02-10 00:00:00",Actor,http://actor.onion,info,3,3
"2010-02-10 00:00:02","Victim 3",http://three.example.com/,ZZ,Region,Utilities,"2010-02-10 00:00:00",Actor,http://actor.onion,info,3,3

Our 131 Report Types

« Back to Network Reporting