# ransomwatch - Ransomware Intelligence Tool
A Python tool for ransomware threat intelligence and security research.



## 🚀 Quick Start
```bash
# Install/Update from PyPI (recommended)
pip install ransomwatch
pip install --upgrade ransomwatch
# Set API token (get from ransomware.live)
export RANSOMWATCH_API_TOKEN="your-token-here"
# Use it
ransomwatch groups
ransomwatch recent -l 10
ransomwatch info --group ransomhub
ransomwatch stats
```
## Commands
| Command | Description | Example |
|---------|-------------|---------|
| `groups` | List active ransomware groups with risk levels | `ransomwatch groups` |
| `recent` | Show recent ransomware incidents | `ransomwatch recent -l 20` |
| `info` | Get detailed threat actor intelligence | `ransomwatch info --group akira` |
| `stats` | Show threat landscape statistics | `ransomwatch stats` |
## Options
```bash
--json # JSON output for automation
--verbose # Debug logging
--timeout N # Request timeout (default: 10s)
--rate-limit-per-minute N # API rate limiting
```
## Output Examples
### Ransomware Groups Analysis
```
RANSOMWARE GROUP ANALYSIS
Active Groups: 271
====================================
1. [CRITICAL] lockbit3
Victim Count: 2,016
2. [CRITICAL] clop
Victim Count: 1,012
3. [CRITICAL] alphv
Alternative Name: blackcat
Victim Count: 731
4. [HIGH] play
Victim Count: 93
5. [MEDIUM] akira
Victim Count: 45
6. [LOW] chaos
Victim Count: 10
...
====================================
SUMMARY: 271 Groups | 8,234 Total Victims
RISK BREAKDOWN: Critical: 15 | High: 28 | Medium: 84 | Low: 144
```
### Recent Ransomware Incidents
```
RECENT RANSOMWARE INCIDENTS
Displaying: 10 most recent cases
====================================
1. VICTIM: ...
Threat Actor: lockbit3
Discovery Date: 2024-01-01 20:15
Location: United States
Website: www.example.com
Details: ...
2. VICTIM: ...
Threat Actor: alphv
Discovery Date: 2023-01-01 08:15
Location: Canada
Details: ...
...
====================================
TOTAL INCIDENTS DISPLAYED: 10
```
### Threat Actor Intelligence Report
```
THREAT ACTOR INTELLIGENCE REPORT
====================================
PRIMARY IDENTIFIER: lockbit3
THREAT CLASSIFICATION: CRITICAL
CONFIRMED VICTIMS: 2,016
OPERATIONAL TIMELINE:
Initial Detection: 2019-09-01
Most Recent Activity: 2024-01-15
TACTICS, TECHNIQUES & PROCEDURES (TTPs):
...
====================================
```
## Automation & Integration
```bash
# JSON output
ransomwatch --json groups > threat_groups.json
ransomwatch --json recent -l 100 > incidents.json
# Daily threat intelligence reports
DATE=$(date +%Y-%m-%d)
ransomwatch --json stats > "threat_landscape_${DATE}.json"
# Filter high-risk groups with jq
ransomwatch --json groups | jq '.groups[] | select(.victims > 100) | {name: .group, victims: .victims, threat_level: "CRITICAL"}'
# Generate reports
ransomwatch groups > daily_threat_brief.txt
ransomwatch recent -l 20 > recent_incidents.txt
```
## Installation Methods
### Method 1: PyPI Install (Recommended)
```bash
pip install ransomwatch
ransomwatch --help
```
### Method 2: Development Install
```bash
git clone https://github.com/yannickboog/ransomwatch.git
cd ransomwatch
pip install -e .
ransomwatch --help
```
### Method 3: Direct Usage
```bash
git clone https://github.com/yannickboog/ransomwatch.git
cd ransomwatch
pip install -r requirements.txt
python3 -m ransomwatch --help
```
## 🔑 API Token
1. Get token from [ransomware.live](https://ransomware.live)
2. Set environment variable:
### Linux/macOS
#### Temporary (current session only)
```bash
export RANSOMWATCH_API_TOKEN="your-token"
```
#### For permanent setup on Linux/macOS:
```bash
echo 'export RANSOMWATCH_API_TOKEN="your-token"' >> ~/.bashrc
```
### Windows
#### Temporary (current session only)
**CMD:**
```cmd
set RANSOMWATCH_API_TOKEN=your-token
```
**PowerShell:**
```powershell
$env:RANSOMWATCH_API_TOKEN = "your-token"
```
#### Permanent (for all new sessions)
**CMD - For current user:**
```cmd
setx RANSOMWATCH_API_TOKEN "your-token"
```
**CMD - For all users (as Administrator):**
```cmd
setx RANSOMWATCH_API_TOKEN "your-token" /M
```
**PowerShell - For current user:**
```powershell
[Environment]::SetEnvironmentVariable("RANSOMWATCH_API_TOKEN", "your-token", "User")
```
**PowerShell - For all users (as Administrator):**
```powershell
[Environment]::SetEnvironmentVariable("RANSOMWATCH_API_TOKEN", "your-token", "Machine")
```
## Troubleshooting
| Error | Solution |
|-------|----------|
| "No API token provided" | Linux/macOS: `export RANSOMWATCH_API_TOKEN="token"`<br>Windows CMD: `set RANSOMWATCH_API_TOKEN=token`<br>Windows PowerShell: `$env:RANSOMWATCH_API_TOKEN = "token"` |
| "Request timed out" | `ransomwatch --timeout 30 groups` |
| "Invalid command" | Use: `groups`, `recent`, `info`, `stats` |
## Requirements
- Python 3.8+
- API token from ransomware.live
## 💰 Support
If this tool helped you, consider supporting development:
**Bitcoin**: `bc1qmmr6hqlqs097l4ehgyccu8aulk68hmpn3rwkn8`
## License
MIT License - see LICENSE file for details.
---
**For legitimate security research and threat intelligence purposes only.**
Raw data
{
"_id": null,
"home_page": null,
"name": "ransomwatch",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "ransomware, security, threat-intelligence, cybersecurity",
"author": null,
"author_email": "Yannick Boog <security@yannick.xyz>",
"download_url": "https://files.pythonhosted.org/packages/18/35/89a553f91cae690fe45c7fe9bcc4b539bde11c2f0dc1c50a73fbb1253b68/ransomwatch-1.2.3.tar.gz",
"platform": null,
"description": "# ransomwatch - Ransomware Intelligence Tool\n\nA Python tool for ransomware threat intelligence and security research.\n\n\n\n\n\n## \ud83d\ude80 Quick Start\n\n```bash\n# Install/Update from PyPI (recommended)\npip install ransomwatch\npip install --upgrade ransomwatch\n\n# Set API token (get from ransomware.live)\nexport RANSOMWATCH_API_TOKEN=\"your-token-here\"\n\n# Use it\nransomwatch groups\nransomwatch recent -l 10\nransomwatch info --group ransomhub\nransomwatch stats\n```\n\n## Commands\n\n| Command | Description | Example |\n|---------|-------------|---------|\n| `groups` | List active ransomware groups with risk levels | `ransomwatch groups` |\n| `recent` | Show recent ransomware incidents | `ransomwatch recent -l 20` |\n| `info` | Get detailed threat actor intelligence | `ransomwatch info --group akira` |\n| `stats` | Show threat landscape statistics | `ransomwatch stats` |\n\n## Options\n\n```bash\n--json # JSON output for automation\n--verbose # Debug logging\n--timeout N # Request timeout (default: 10s)\n--rate-limit-per-minute N # API rate limiting\n```\n\n## Output Examples\n\n### Ransomware Groups Analysis\n```\nRANSOMWARE GROUP ANALYSIS\nActive Groups: 271\n====================================\n 1. [CRITICAL] lockbit3\n Victim Count: 2,016\n\n 2. [CRITICAL] clop\n Victim Count: 1,012\n\n 3. [CRITICAL] alphv\n Alternative Name: blackcat\n Victim Count: 731\n\n 4. [HIGH] play\n Victim Count: 93\n\n 5. [MEDIUM] akira\n Victim Count: 45\n\n 6. [LOW] chaos\n Victim Count: 10\n\n ...\n\n====================================\nSUMMARY: 271 Groups | 8,234 Total Victims\nRISK BREAKDOWN: Critical: 15 | High: 28 | Medium: 84 | Low: 144\n```\n\n### Recent Ransomware Incidents\n```\nRECENT RANSOMWARE INCIDENTS\nDisplaying: 10 most recent cases\n====================================\n 1. VICTIM: ...\n Threat Actor: lockbit3\n Discovery Date: 2024-01-01 20:15\n Location: United States\n Website: www.example.com\n Details: ...\n\n 2. VICTIM: ...\n Threat Actor: alphv\n Discovery Date: 2023-01-01 08:15\n Location: Canada\n Details: ...\n\n ...\n\n====================================\nTOTAL INCIDENTS DISPLAYED: 10\n```\n\n### Threat Actor Intelligence Report\n```\nTHREAT ACTOR INTELLIGENCE REPORT\n====================================\nPRIMARY IDENTIFIER: lockbit3\nTHREAT CLASSIFICATION: CRITICAL\nCONFIRMED VICTIMS: 2,016\n\nOPERATIONAL TIMELINE:\nInitial Detection: 2019-09-01\nMost Recent Activity: 2024-01-15\n\nTACTICS, TECHNIQUES & PROCEDURES (TTPs):\n\n ...\n\n====================================\n```\n\n## Automation & Integration\n\n```bash\n# JSON output\nransomwatch --json groups > threat_groups.json\nransomwatch --json recent -l 100 > incidents.json\n\n# Daily threat intelligence reports\nDATE=$(date +%Y-%m-%d)\nransomwatch --json stats > \"threat_landscape_${DATE}.json\"\n\n# Filter high-risk groups with jq\nransomwatch --json groups | jq '.groups[] | select(.victims > 100) | {name: .group, victims: .victims, threat_level: \"CRITICAL\"}'\n\n# Generate reports\nransomwatch groups > daily_threat_brief.txt\nransomwatch recent -l 20 > recent_incidents.txt\n```\n\n## Installation Methods\n\n### Method 1: PyPI Install (Recommended)\n```bash\npip install ransomwatch\nransomwatch --help\n```\n\n### Method 2: Development Install\n```bash\ngit clone https://github.com/yannickboog/ransomwatch.git\ncd ransomwatch\npip install -e .\nransomwatch --help\n```\n\n### Method 3: Direct Usage\n```bash\ngit clone https://github.com/yannickboog/ransomwatch.git\ncd ransomwatch\npip install -r requirements.txt\npython3 -m ransomwatch --help\n```\n\n## \ud83d\udd11 API Token\n\n1. Get token from [ransomware.live](https://ransomware.live)\n2. Set environment variable:\n\n### Linux/macOS\n\n#### Temporary (current session only)\n```bash\nexport RANSOMWATCH_API_TOKEN=\"your-token\"\n```\n\n#### For permanent setup on Linux/macOS:\n```bash\necho 'export RANSOMWATCH_API_TOKEN=\"your-token\"' >> ~/.bashrc\n```\n\n### Windows\n\n#### Temporary (current session only)\n**CMD:**\n```cmd\nset RANSOMWATCH_API_TOKEN=your-token\n```\n\n**PowerShell:**\n```powershell\n$env:RANSOMWATCH_API_TOKEN = \"your-token\"\n```\n\n#### Permanent (for all new sessions)\n**CMD - For current user:**\n```cmd\nsetx RANSOMWATCH_API_TOKEN \"your-token\"\n```\n\n**CMD - For all users (as Administrator):**\n```cmd\nsetx RANSOMWATCH_API_TOKEN \"your-token\" /M\n```\n\n**PowerShell - For current user:**\n```powershell\n[Environment]::SetEnvironmentVariable(\"RANSOMWATCH_API_TOKEN\", \"your-token\", \"User\")\n```\n\n**PowerShell - For all users (as Administrator):**\n```powershell\n[Environment]::SetEnvironmentVariable(\"RANSOMWATCH_API_TOKEN\", \"your-token\", \"Machine\")\n```\n\n## Troubleshooting\n\n| Error | Solution |\n|-------|----------|\n| \"No API token provided\" | Linux/macOS: `export RANSOMWATCH_API_TOKEN=\"token\"`<br>Windows CMD: `set RANSOMWATCH_API_TOKEN=token`<br>Windows PowerShell: `$env:RANSOMWATCH_API_TOKEN = \"token\"` |\n| \"Request timed out\" | `ransomwatch --timeout 30 groups` |\n| \"Invalid command\" | Use: `groups`, `recent`, `info`, `stats` |\n\n## Requirements\n\n- Python 3.8+\n- API token from ransomware.live\n\n## \ud83d\udcb0 Support\n\nIf this tool helped you, consider supporting development:\n\n**Bitcoin**: `bc1qmmr6hqlqs097l4ehgyccu8aulk68hmpn3rwkn8`\n\n## License\n\nMIT License - see LICENSE file for details.\n\n---\n\n**For legitimate security research and threat intelligence purposes only.**\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Ransomware Intelligence Tool - Designed for threat intelligence, security research, and situational awareness",
"version": "1.2.3",
"project_urls": {
"Bug Reports": "https://github.com/yannickboog/ransomwatch/issues",
"Homepage": "https://github.com/yannickboog/ransomwatch",
"Source": "https://github.com/yannickboog/ransomwatch"
},
"split_keywords": [
"ransomware",
" security",
" threat-intelligence",
" cybersecurity"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "be715eb44794ff12a839c059ec679464dc1c354f242dd12d65d7f02a1cda223f",
"md5": "eb6b0b327f1c0b226f2033589ac7cb1d",
"sha256": "9316ebc890759d5002dccea992e0d928ec7f4d9f7a32b49673680af98b77df57"
},
"downloads": -1,
"filename": "ransomwatch-1.2.3-py3-none-any.whl",
"has_sig": false,
"md5_digest": "eb6b0b327f1c0b226f2033589ac7cb1d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 17647,
"upload_time": "2025-07-08T22:36:27",
"upload_time_iso_8601": "2025-07-08T22:36:27.694909Z",
"url": "https://files.pythonhosted.org/packages/be/71/5eb44794ff12a839c059ec679464dc1c354f242dd12d65d7f02a1cda223f/ransomwatch-1.2.3-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "183589a553f91cae690fe45c7fe9bcc4b539bde11c2f0dc1c50a73fbb1253b68",
"md5": "63d329182915e675a2eef94f86407c87",
"sha256": "e5b5c6e189cb5cb00bd59029f9778b2690330d7505281809b3e3728ec4cb0539"
},
"downloads": -1,
"filename": "ransomwatch-1.2.3.tar.gz",
"has_sig": false,
"md5_digest": "63d329182915e675a2eef94f86407c87",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 17684,
"upload_time": "2025-07-08T22:36:29",
"upload_time_iso_8601": "2025-07-08T22:36:29.291221Z",
"url": "https://files.pythonhosted.org/packages/18/35/89a553f91cae690fe45c7fe9bcc4b539bde11c2f0dc1c50a73fbb1253b68/ransomwatch-1.2.3.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-08 22:36:29",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "yannickboog",
"github_project": "ransomwatch",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "requests",
"specs": [
[
">=",
"2.31.0"
]
]
},
{
"name": "urllib3",
"specs": [
[
">=",
"1.26.0"
]
]
}
],
"lcname": "ransomwatch"
}