About RansomLook

What is RansomLook?

RansomLook is an open‑source project aimed at assisting users in tracking ransomware‑related posts and activities across various sites and forums.

The main components include:

• Blog monitoring and victim extraction
• Forum monitoring (parsing is not available)
• Overview of Ransomware Notes
• Tracking leaks from public sources
• Leak tracking from RecordedFuture provider (private API required)
• Monitoring of various known Bitcoin wallets

Is it free?

Yes, it is free—and more importantly, it is open‑source.

RansomLook is licensed under the GNU Affero General Public License (AGPL) v3.0.

How can I follow new posts?

There are various ways to stay updated with new posts:

• Run your own instance and enable RocketChat and/or email notifications
• Check the public instance: ransomlook.io
• Access the API — Documentation
• Follow us on Mastodon: @Ransomlook@social.circl.lu

There is NO official Telegram Channel!

Want to be part of the RansomLook community?

Join us in making RansomLook even better! Here's how you can contribute:

• Create an issue on our GitHub repository — GitHub
• Submit pull requests with new features or improvements
• Share new sources of DLS (Darknet Leak Sites)
• Report any bugs you come across
• Suggest new functionalities that could enhance RansomLook
• Follow us on LinkedIn and be part of the community Here !

Credits & Thanks

RansomLook is maintained by Alexandre Dulaunoy and Fafner [_KeyZee_].

We thank Tammy Harper for her contributions to adding new groups and her regular feedback to improve the project.

We warmly thank Ecrime.ch for its feedback and sharing on the group.

We sincerely thank Onyphe.io for providing to us a CTIScan API key to hunt new servers and new groups.

We also thank Ransom-ISAC. Ransom-ISAC takes a left-field, unique approach to threat intelligence by building a community-driven, vendor-neutral ecosystem focused on openness and collaboration. It connects defenders of all sizes to share actionable ransomware insights in a trusted, transparent space, strengthening global resilience through collective knowledge and shared purpose.

Main members of RansomLook have an opportunity to earn a LOCKSTAR. The LOCK STAR Initiative empowers researchers, cybersecurity professionals, and enthusiasts to share their knowledge and intelligence through blogs, conference presentations, and active community contributions. By creating space for open collaboration and knowledge exchange, the initiative encourages diverse voices to contribute insights, tools, and real-world experiences — strengthening collective understanding and resilience against ransomware and other evolving cyber threats.

The code is based on RansomWatch.

External data sources

• Ransomwhe.re for cryptocurrency addresses
• ThreatLabz for the RansomNotes
• leak-lookup for public leaks

Usage of the API and License

All content provided by ransomlook.io — including the website, API responses, and datasets — is made available under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

You are free to share and adapt the material for any purpose, even commercially, provided that appropriate credit is given.