Browse ransomware data
Report ransomware addresses
Data is made freely available to interested individuals and organizations. To prevent abuse, all applications must be approved. Please check back soon for instructions on applying for data access.
Why track ransomware payments?
Transparency is crucially needed in assessing the spread of ransomware and the efficacy of mitigations. Fortunately, due to the transparent nature of Bitcoin, it's easy to track payments with knowledge of receipt addresses. By crowdsourcing ransomware payment addresses, we hope to provide an open resource for the security community and the public.
How complete is the data?
As Ransomwhere is new, we are still working on building out our dataset. Reports have placed total ransomware revenue in 2020 at up to $350 million.
Can't someone fake a report?
While it's impossible to verify with complete certainty that a report is accurate, we aim to utilize the wisdom of the crowds to prevent abuse. All reports are required to include a screenshot of the ransomware payment demand, and will be reviewed before being displayed. Addresses with more than one report from different sources will be given priority, and all elements of all reports will be publicly available. We will remove reports if we believe they are untruthful.
How are dollar values calculated?
Dollar values are calculated using the bitcoin exchange rate the day that the transaction was sent. As a result, they serve as an approximate measure but are not necessarily the exact amount the criminals sold the bitcoin for.
Do you have an API?
Yes, Ransomwhere has a public API. The most basic endpoint is
receive all past transactions. We are working on further documenting the API.
How can I help out?
We are always open to collaboration! Beyond submitting reports, please email us if you are interested in further collaboration. If you are interested in contributing to code, feel free to check out our GitHub repository.