Ransomware.live

https://www.ransomware.live/

Public extortion-leak observatory — scrapes ransomware groups' shaming sites and exposes new claims (added 2026-05-08). 2026-05-08 audit: WebFetch returned 5 fresh victim entries (5h-old). For automated monitoring, use the JSON API at https://api.ransomware.live/v2/groups (one entry per group with recent victims). Discovery — always corroborate against victim statement / regulator filing before citing as confirmed breach. Candidate — promote to active after 3 runs. | 2026-06-20 full audit (v2.62): live=Y, drill=Y. FETCH → api: python3 tools/fetch_source.py url https://api.ransomware.live/v2/recentvictims (new victim claims, one record each with victim/group/activity/country/claim_url); /v2/groups for per-group view. AVOID: Do NOT rely on the homepage HTML for automation — use the JSON API. Treat as discovery: every claim is an unverified extortion-site post; corroborate before citing as confirmed breach..