{"id":5159,"date":"2024-09-20T22:22:18","date_gmt":"2024-09-20T22:22:18","guid":{"rendered":"https:\/\/osintme.com\/?p=5159"},"modified":"2024-09-20T22:23:54","modified_gmt":"2024-09-20T22:23:54","slug":"osint-resources-for-researching-ransomware","status":"publish","type":"post","link":"https:\/\/osintme.com\/index.php\/2024\/09\/20\/osint-resources-for-researching-ransomware\/","title":{"rendered":"OSINT resources for researching ransomware"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5159\" class=\"elementor elementor-5159\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-216a9d3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"216a9d3\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-63412bf\" data-id=\"63412bf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8bbb00b elementor-widget elementor-widget-text-editor\" data-id=\"8bbb00b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Last month the US Senate Intelligence Committee proposed the introduction of new legislation to deal with ransomware attacks &#8211; basically, to treat them on par with terrorism.<\/p><p>While at this point ransomware is far from being a newly emerging threat, a new trend can be observed in 2024 and probably beyond in terms of ransomware attacks relying on legitimate encryption software sometimes native to the systems they are targeting. 
There has also been an increase in the abuse of legitimate remote monitoring and management (RMM) tools and remote desktop protocol (RDP) software &#8211; examples being TeamViewer, AnyDesk, ScreenConnect, etc.<\/p><p>Throughout 2024 there were also cases of cyber attacks that previously would have resulted in ransomware deployment, but the attackers skipped that component and basically stole the data only to follow up with a financial extortion demand &#8211; so no ransom malware was actually deployed.<\/p><p>As trends change and evolve, so do sources and methods of collecting relevant information.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-16af94d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"16af94d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1f2baf8\" data-id=\"1f2baf8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-80fd76d elementor-widget elementor-widget-text-editor\" data-id=\"80fd76d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Currently, OSINT collection techniques can be successfully applied to practically all aspects of ransomware research. 
Depending on your approach and intelligence collection needs, you might want to focus on one or more of the following angles:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-714a291 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"714a291\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5f2d3e7\" data-id=\"5f2d3e7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bfeec15 elementor-widget elementor-widget-text-editor\" data-id=\"bfeec15\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><strong>Threat actor infrastructure<\/strong> &#8211; websites and in particular servers that are being used in the ransomware infection chain, from phishing domains and websites used for ransomware distribution to servers used for hosting it and deploying it against victims.<\/li><li><strong>Ransomware C2 (Command and Control) servers<\/strong> &#8211; specifically used for controlling botnets used in ransomware distribution but also for maintaining communication with the infected machines.<\/li><li><strong>General modus operandi intelligence<\/strong> &#8211; this pertains to the minutiae of ransomware groups&#8217; operations, from their general online presence, communication style, ransom notes, cryptocurrencies, file hashes, criminal forums where they operate and 
more.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-218f1f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"218f1f9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9a89799\" data-id=\"9a89799\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9fa0d41 elementor-widget elementor-widget-text-editor\" data-id=\"9fa0d41\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>So let&#8217;s take a look at some really useful OSINT sources for ransomware.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0905ac9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0905ac9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f509dd8\" data-id=\"f509dd8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-47f46d7 elementor-widget elementor-widget-heading\" 
data-id=\"47f46d7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Ransomware related intelligence<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8e57e8f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8e57e8f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-839b294\" data-id=\"839b294\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8969a02 elementor-widget elementor-widget-text-editor\" data-id=\"8969a02\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/www.ransomlook.io\/\">Ransomlook<\/a> &#8211; a huge repository of ransomware related content, from forums and markets to leaks, threat actor profiles and more. 
A must-read for any self-respecting ransomware researcher.<\/li><li><a href=\"https:\/\/github.com\/fastfire\/deepdarkCTI\/blob\/main\/ransomware_gang.md\">DeepdarkCTI<\/a> &#8211; a treasure trove of information on ransomware and adjacent topics.<\/li><li><a href=\"https:\/\/id-ransomware.blogspot.com\/\">ID Ransomware<\/a> &#8211; an independent researcher&#8217;s blog, often focusing on lesser-known, small-time commodity ransomware.<\/li><li><a href=\"https:\/\/ransomwatch.telemetry.ltd\/#\/\">Ransomwatch<\/a> &#8211; a crawler that focuses on hundreds of sites operated by ransomware groups and brings up posts, profiles and general activity associated with those.<\/li><li><a href=\"https:\/\/www.reddit.com\/r\/ransomwarehelp\/\">Ransomwarehelp on Reddit<\/a> &#8211; a community of users sharing information on ransom attacks and attempted attacks, with some useful prevention and mitigation content surfacing from time to time.<\/li><li><a href=\"https:\/\/www.nomoreransom.org\">No More Ransom<\/a> &#8211; a resource from Europol, mentioned on this blog before. Not only does it offer advice on how to avoid ransomware infections, but it also gives you free decryption tools for many strains of ransomware that have been reverse engineered by the Europol experts. It comes in handy when you try to find out which ransomware has been neutralised.<\/li><li><a href=\"https:\/\/github.com\/cert-orangecyberdefense\/ransomware_map\/blob\/main\/OCD_WorldWatch_Ransomware-ecosystem-map.pdf\">Ransomware Map<\/a> &#8211; created by the CERT Orange CyberDefense, it contains a visualisation of major ransomware attacks over time. 
Hopefully they will continue to maintain it beyond 2024.<\/li><li><a href=\"https:\/\/ransomch.at\/\">Ransom Chat<\/a> &#8211; a ransomware chat viewer that offers unique insights into how threat actors interact with the victims, how the negotiations happen and even some example advice that the threat actors offer to their victims after they have made the ransom payments.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ff39f5c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ff39f5c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-461a889\" data-id=\"461a889\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-52142aa elementor-widget elementor-widget-image\" data-id=\"52142aa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"727\" height=\"231\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2024\/09\/ransomware-osint-advice.png?fit=727%2C231&amp;ssl=1\" class=\"attachment-large size-large wp-image-5184\" alt=\"ransomware osint advice\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2024\/09\/ransomware-osint-advice.png?w=727&amp;ssl=1 727w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2024\/09\/ransomware-osint-advice.png?resize=300%2C95&amp;ssl=1 300w\" sizes=\"(max-width: 727px) 100vw, 
727px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bfc725b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bfc725b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9ac7124\" data-id=\"9ac7124\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0caf61b elementor-widget elementor-widget-heading\" data-id=\"0caf61b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Shodan queries &amp; filters<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7a66701 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7a66701\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-05a474e\" data-id=\"05a474e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7579eea elementor-widget elementor-widget-text-editor\" 
data-id=\"7579eea\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Shodan is useful for uncovering some of the currently active, public-facing systems infected by various strains of ransomware. Expect to see mainly login screens, although sometimes you can encounter detailed ransom notes too.<\/p><p>One important caveat regarding Shodan queries for ransomware: they most likely will return multiple false positives, like honeypots or hits on IP addresses associated with FTP instances that have since been secured or taken offline.<\/p><p>So here are some useful queries:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6aa4da6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6aa4da6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b788e85\" data-id=\"b788e85\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c9790a2 elementor-widget elementor-widget-text-editor\" data-id=\"c9790a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/www.shodan.io\/search?query=ransomware\">ransomware<\/a> &#8211; yes, the most basic query &#8211; but it does yield results from the get-go.<\/li><li><a href=\"https:\/\/www.shodan.io\/search?query=has+been+encrypted\">has been 
encrypted<\/a> &#8211; a general query returning results that contain keywords of interest.<\/li><li><a href=\"https:\/\/www.shodan.io\/search?query=%22has+been+encrypted%22\">&#8220;has been encrypted&#8221;<\/a> &#8211;\u00a0 a more granular and specific variation of one of the queries above. Will return the exact phrase encapsulated within the quotes, so do customise and adapt your keywords as necessary.<\/li><li><a href=\"https:\/\/www.shodan.io\/search?query=%22encrypted+by%22\">&#8220;encrypted by&#8221;<\/a> &#8211; a general search query that is threat actor agnostic &#8211; it contains probably the most commonly used phrase that is associated with ransomware infections in general. If searching for infections attributed to a specific ransomware group, make sure to insert the name, for example:<\/li><li><em><a href=\"https:\/\/www.shodan.io\/search?query=%22Encrypted+by+BlackBit%22\">&#8220;encrypted by BlackBit&#8221;<\/a><\/em><\/li><li><a href=\"https:\/\/www.shodan.io\/search?query=files+stolen\">files stolen<\/a> &#8211; searches for this commonly used phrase that can often be found in ransom notes.<\/li><li><a href=\"https:\/\/www.shodan.io\/search?query=%22attention%22%2B%22encrypted%22%2Bport%3A27017\">&#8220;attention&#8221;+&#8221;encrypted&#8221;+port:27017<\/a> &#8211; ransomware infections of open MongoDB instances.<\/li><li><a href=\"https:\/\/www.shodan.io\/search?query=%22attention%22%2B%22encrypted%22%2Bport%3A3389\">\u201cattention\u201d+\u201dencrypted\u201d+port:3389<\/a> \u2013 ransomware infected RDP services. 
This filter has been around for ages, so at this stage you should expect these results to be honeypots or similar &#8220;experimental&#8221; targets as opposed to real life vulnerable machines.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e542e67 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e542e67\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-816b418\" data-id=\"816b418\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e5ddd65 elementor-widget elementor-widget-text-editor\" data-id=\"e5ddd65\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><strong>NOTE:<\/strong><\/span> All of the above queries can be filtered further by using a very useful <a href=\"https:\/\/www.shodan.io\/search?query=has_screenshot%3Atrue\">has_screenshot:true<\/a> parameter. 
Adding it to the query will display only those results that contain a captured screenshot of what was happening on the screen, for example:<\/p><ul><li><a href=\"https:\/\/www.shodan.io\/search?query=ransomware+has_screenshot%3Atrue\">ransomware has_screenshot:true<\/a><\/li><li><a href=\"https:\/\/www.shodan.io\/search?query=was+encrypted+has_screenshot%3Atrue\">was encrypted has_screenshot:true<\/a><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bb6bf8e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bb6bf8e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8cb63cf\" data-id=\"8cb63cf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-28ae9bc elementor-widget elementor-widget-image\" data-id=\"28ae9bc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"623\" height=\"309\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2024\/09\/ransomware-osint-research.png?fit=623%2C309&amp;ssl=1\" class=\"attachment-large size-large wp-image-5176\" alt=\"ransomware osint research\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2024\/09\/ransomware-osint-research.png?w=623&amp;ssl=1 623w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2024\/09\/ransomware-osint-research.png?resize=300%2C149&amp;ssl=1 300w\" sizes=\"(max-width: 
623px) 100vw, 623px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-51fd188 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"51fd188\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d35f8bb\" data-id=\"d35f8bb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bcfe5a6 elementor-widget elementor-widget-heading\" data-id=\"bcfe5a6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Cryptocurrency deposit addresses<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-72d14e6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"72d14e6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c74d743\" data-id=\"c74d743\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8fc7a45 elementor-widget 
elementor-widget-text-editor\" data-id=\"8fc7a45\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The following resources contain a lot of publicly reported crypto deposit addresses that were confirmed (or sometimes only suspected) to be linked to ransomware funds payments:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e393b56 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e393b56\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8431957\" data-id=\"8431957\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ad94598 elementor-widget elementor-widget-text-editor\" data-id=\"ad94598\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/ransomwhe.re\/\">Ransomwhere<\/a> &#8211; a free crowdsourced platform where anybody can provide intelligence on ransomware infection incidents, provided that you have the required evidence (screenshot, ransom note, link). 
Ransomwhere first <a href=\"https:\/\/osintme.com\/index.php\/2021\/07\/12\/ransomwhe-re-a-newly-launched-crowdsourced-ransom-payments-tracker\/\">featured on the Osint Me blog 3 years ago<\/a> &#8211; and it&#8217;s seen an impressive growth in popularity since.<\/li><li><a href=\"https:\/\/www.opensanctions.org\/datasets\/ransomwhere\/\">Open Sanctions ransomware<\/a> &#8211; this data set is powered by the <a href=\"https:\/\/api.ransomwhe.re\/export\">Ransomwhere API<\/a>, but it displays it differently and makes it easier to search.<\/li><li><a href=\"https:\/\/www.chainabuse.com\/\">Chainabuse<\/a> &#8211; a crowdreporting platform for cryptocurrency addresses linked to various forms of malicious activity <a href=\"https:\/\/www.chainabuse.com\/category\/ransomware\">including ransomware<\/a>, albeit mixed up together with sextortion scams and other forms of online blackmail.<\/li><li><a href=\"https:\/\/www.kaggle.com\/datasets\/sapere0\/bitcoinheist-ransomware-dataset\">BitcoinHeist Ransomware Dataset<\/a> &#8211; collection of ransomware related BTC addresses taken from various older reports and academic studies. 
Pretty old content and not that useful for present time researchers, but can be used for historical context.<\/li><li><a href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1319157824000144\">Machine learning-based ransomware classification of Bitcoin transactions<\/a> &#8211; research paper that borrows some of the data from the one mentioned above and attempts to focus on identifying ransomware through machine learning and anomaly detection.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6a02192 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6a02192\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-420c820\" data-id=\"420c820\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-079c301 elementor-widget elementor-widget-heading\" data-id=\"079c301\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Ransomware news &amp; publications<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b98ea52 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b98ea52\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div 
class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-011071d\" data-id=\"011071d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b4eceb5 elementor-widget elementor-widget-text-editor\" data-id=\"b4eceb5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\">CISA Alerts &amp; Advisories<\/a> &#8211; official content from the US Cybersecurity and Infrastructure Security Agency. As one would imagine, there is a lot of content there, so it&#8217;s best to use the filters when searching for ransomware news and updates. It&#8217;s worth noting that CISA has issued their own <a href=\"https:\/\/www.cisa.gov\/stopransomware\">Stop Ransomware Guide<\/a> that covers topics such as ransomware related public safety advice, protection, response, preparation, etc. CISA has also put out some additional and free educational content &#8211; check out the last section of the blog post for links.<\/li><li><a href=\"https:\/\/cyble.com\/blog\/\">Cyble Blog<\/a> &#8211; general cybersecurity news, with a strong emphasis on ransomware attacks.<\/li><li><a href=\"https:\/\/therecord.media\/\">The Record<\/a> &#8211; decent coverage of cyber crime events, with major ransomware events being regularly reported on.<\/li><li><a href=\"https:\/\/www.halcyon.ai\/top-ransomware-groups\">Halcyon Power Rankings<\/a> &#8211; this publication issues quarterly reports of ransomware as a service (RaaS) power rankings. 
Provides a handy overview of the changing landscape and allows for comparing current and previous ransomware campaigns, threat actors and their modes of operation.<\/li><li><a href=\"https:\/\/darkfeed.io\/ransomgroups\/\">Ransom Groups DarkFeed<\/a> &#8211; general quarterly statistics of the most active ransomware groups.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8e18e5a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8e18e5a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7d9c186\" data-id=\"7d9c186\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4807d5e elementor-widget elementor-widget-heading\" data-id=\"4807d5e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Miscellaneous resources<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-51734e2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"51734e2\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column 
elementor-element elementor-element-5b631e7\" data-id=\"5b631e7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-91f12c0 elementor-widget elementor-widget-text-editor\" data-id=\"91f12c0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/academy.picussecurity.com\/courses\">Purple Academy<\/a> &#8211; contains several free training courses, useful not only for expanding your general cybersecurity knowledge but also for scoring continuing professional education credits (CPEs) if you need those to renew some of your existing certs. At the time of writing, it offers 3 ransomware-related, 1-hour courses that you can register for free:<\/p><ul><li><a href=\"https:\/\/academy.picussecurity.com\/course\/breach-and-attack-simulation-bas-course-training-certification\">The Beginner&#8217;s Guide to Breach and Attack Simulation Course<\/a><\/li><li><a href=\"https:\/\/academy.picussecurity.com\/course\/continuous-threat-exposure-management-beginners-guide\">The Beginner&#8217;s Guide to Continuous Threat Exposure Management<\/a><\/li><li><a href=\"https:\/\/academy.picussecurity.com\/course\/detection-rule-validation-free-course-certification\">The Beginner&#8217;s Guide to Detection Rule Validation<\/a><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a8d9adc elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a8d9adc\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div 
class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-652fbe6\" data-id=\"652fbe6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8c4dcd8 elementor-widget elementor-widget-text-editor\" data-id=\"8c4dcd8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/arxiv.org\/abs\/2408.15420\">Showing the Receipts<\/a> &#8211; a recently published academic research paper, co-authored by Jack Cable, who was behind the Ransomwhere project. The synopsis outlines what this paper is about:<\/p><p><em>&#8220;We present novel techniques to identify ransomware payments with low false positives, classifying nearly $700 million in previously-unreported ransomware payments. We publish the largest public dataset of over $900 million in ransomware payments &#8212; several times larger than any existing public dataset. We then leverage this expanded dataset to present an analysis focused on understanding the activities of ransomware groups over time. 
This provides unique insights into ransomware behavior and a corpus for future study of ransomware cybercriminal activity.&#8221;<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5a818f8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5a818f8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-196cd60\" data-id=\"196cd60\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6d634e5 elementor-widget elementor-widget-text-editor\" data-id=\"6d634e5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/www.sans.org\/webcasts\/ransomware-summit-solutions-track-2024\/\">SANS Ransomware Summit<\/a> &#8211; while not a fan of the SANS exorbitantly priced training courses, I do recommend their Summit conferences (I previously spoke at one, <a href=\"https:\/\/osintme.com\/index.php\/2022\/04\/07\/how-to-investigate-phishing-campaigns-resources-for-the-sans-osint-summit-2022-talk\/\">here is the link<\/a>). The Ransomware Summit is a free event and is guaranteed to give you exposure to some very interesting presentations on all aspects of ransomware attacks and investigations. 
Worth keeping an ear to the ground in anticipation of the 2025 Summit edition.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2924851 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2924851\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-cebe17b\" data-id=\"cebe17b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-26a9df1 elementor-widget elementor-widget-text-editor\" data-id=\"26a9df1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/www.fatf-gafi.org\/content\/fatf-gafi\/en\/publications\/Methodsandtrends\/countering-ransomware-financing.html\">Countering Ransomware Financing<\/a> &#8211; this is a publication from the Financial Action Task Force (FATF) and it focuses on the financial aspects of laundering ransomware proceeds of crime:<\/p><p><em>&#8220;The report proposes a number of actions that countries can take to more effectively disrupt ransomware-related money laundering. 
This includes building on and leveraging existing international cooperation mechanisms, given the transnational nature of ransomware attacks and related laundering.&#8221;<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-77733df elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"77733df\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-98daee8\" data-id=\"98daee8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c1edf32 elementor-widget elementor-widget-heading\" data-id=\"c1edf32\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">BONUS: Learning resources from CISA<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8644de7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8644de7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f1c87d5\" data-id=\"f1c87d5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div 
class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e2c3140 elementor-widget elementor-widget-text-editor\" data-id=\"e2c3140\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Here&#8217;s some good &amp; free educational content from the US Cybersecurity and Infrastructure Security Agency &#8211; some of it might be a little dated but is largely still very relevant:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1f50d72 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1f50d72\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-19a5eef\" data-id=\"19a5eef\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fd7579a elementor-widget elementor-widget-text-editor\" data-id=\"fd7579a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/fedvte.usalearning.gov\/publiccourses\/IMR_RANS\/index01.htm\"><span class=\"break-words tvm-parent-container\"><span dir=\"ltr\">Don\u2019t Wake Up to a Ransomware Attack<\/span><\/span><\/a><\/li><li><a href=\"https:\/\/fedvte.usalearning.gov\/publiccourses\/critical101\/index.htm\">Cybersecurity and Critical Infrastructure<\/a><\/li><li><a 
href=\"https:\/\/fedvte.usalearning.gov\/publiccourses\/cscrm\/index.htm\">Introduction to Supply Chain Risk Management<\/a><\/li><li><a href=\"https:\/\/fedvte.usalearning.gov\/publiccourses\/ici\/iciframe.php\">Introduction to Cyber Intelligence<\/a><\/li><li><a href=\"https:\/\/fedvte.usalearning.gov\/publiccourses\/cryptocurrency\/index.htm\">Cryptocurrency for Law Enforcement<\/a><\/li><li><a href=\"https:\/\/fedvte.usalearning.gov\/publiccourses\/IMR4\/index01.htm\">Securing Internet-Accessible Systems<\/a><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ed4c3c7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ed4c3c7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-cb0befd\" data-id=\"cb0befd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a43b2e6 elementor-widget elementor-widget-text-editor\" data-id=\"a43b2e6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>NOTE:<\/strong> If you have any suggestions on what else should be added here (genuine free educational resources, <strong>NO<\/strong> marketing spam or sponsored articles!), please email me on 
<strong><em>info@osintme.com<\/em>.<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Multiple sources and datasets for investigating ransomware activity.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[76,44,61,134],"class_list":["post-5159","post","type-post","status-publish","format-standard","hentry","category-open-source-intelligence","tag-cybercrime","tag-intelligence","tag-malware","tag-ransomware"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/5159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/comments?post=5159"}],"version-history":[{"count":97,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/5159\/revisions"}],"predecessor-version":[{"id":5268,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/5159\/revisions\/5268"}],"wp:attachment":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/media?parent=5159"}],"wp:term":[{"taxonomy":"category","embeddable":
true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/categories?post=5159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/tags?post=5159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}