Jack Cable, a Stanford student and Krebs Stamos Group cybersecurity researcher, has created the Ransomwhere project, a free and open database of payments that have been transferred to various ransomware groups.
The database, stripped of any personal information, will be available to information security specialists and law enforcement officers for free download. Such a database can easily be polluted with fake submissions; to counter this, Cable plans to review every submission and, in the future, to add a voting system so that individual reports can be flagged as fake.
The site itself is very simple: it lets victims of ransomware attacks and security specialists upload copies of their ransom notes to Ransomwhere and report the ransom amount and the bitcoin address to which the victim transferred the payment. That address is then indexed in the public database.
The main idea is to build a centralized system that tracks payments made to ransomware groups, making it possible to assess the scale of their profits and operations more accurately; very little is currently known about either. The project's creator hopes that anonymous sharing of payment data through a third-party service such as Ransomwhere will remove some of the barriers in the information security community, such as nondisclosure agreements and business competition.
So far, Cable relies only on publicly available material to expand the database, but the researcher told The Record that he is already exploring “the possibility of partnerships with analytical companies in the field of information security and blockchain to integrate the data they may have about the victims.”
Reporters note that the launch of Ransomwhere closely resembles the launch of the ID-Ransomware project created by Michael Gillespie in early 2016. Initially, it was a site where victims could upload the ransom notes they had received, and the site told them which malware family had attacked their systems and where they could get help recovering their files. ID-Ransomware has since become an indispensable tool for many incident response specialists.
Let me remind you that I also wrote about the HIBP (Have I Been Pwned?) leak aggregator opening its source code.