JAKARTA - A security expert, Jack Cable, has launched a site that keeps a public record of bitcoin payments traceable to major ransomware gangs, such as REvil.
The site “ransomwhe.re” has been created by Jack Cable, a security researcher who works with cyber consultancy Krebs Stamos Group and the US Defense Digital Service.
Ransomwhe.re is an open, crowdsourced ransomware payment tracker that offers details of victims' bitcoin payments to wallets associated with a dozen major ransomware variants. Payout figures can be broken down by year, month, and week.
Ransomware attacks are on the rise and are now the subject of debate among world leaders after the attacks on Colonial Pipeline and the JBS meat processor. Last week also saw an attack on management software company Kaseya, which caused the REvil ransomware to spread to more than 1,000 of its customers.
REvil/Sodinokibi, which is suspected of being behind the attacks on JBS and Kaseya, is currently the largest gang, having succeeded in extorting payments of up to USD 11.3 million from its victims.
REvil's total fortune for 2021 could increase significantly if it receives a ransom of USD 70 million for the attack on Kaseya last week.
Cable joined the US Cybersecurity and Infrastructure Security Agency under then-CISA director Chris Krebs, who helped secure the tally system ahead of the 2020 US presidential election.
Cable explained his motives for building the site in a thread on Twitter: logging data about victim payments in order to change the response to ransomware.
Today, I'm excited to launch Ransomwhere, the open, crowdsourced ransomware payment tracker. Check out the site and contribute data at https://t.co/4LAIU9TpdN and follow @ransomwhere_ for updates.
Thread on where I see this going:
— Jack Cable (@jackhcable) July 8, 2021
"Currently, there is no comprehensive public data on the total number of ransomware payments. Without that data, we cannot know the full impact of ransomware, and how best to take certain actions that would change the picture", said Cable.
"Ransomwhe.re aims to fill that gap by tracking bitcoin transactions associated with the ransomware group. It is public, so anyone can view and download data. And it is a resource, so anyone can submit reports of ransomware they have been infected with or observed".
According to the FAQ on Ransomwhe.re, the transparency of Bitcoin makes it easy to track payments and the addresses that receive them.
The site calculates the US dollar value of bitcoin payments based on the exchange rate on the day each payment was made. The figures it shows are therefore an estimate of how much money the victims paid, not of how much the ransomware gangs were able to sell their extorted bitcoins for.
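The valuation method described above, together with the year, month and week breakdown, can be reproduced on any exported payment list. The following is an added example, not code from Ransomwhe.re; the record layout, family names, amounts and exchange rates are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone
from decimal import Decimal

SATS_PER_BTC = Decimal(100_000_000)

# Constructed sample data: (family, unix time of payment, amount in satoshis).
PAYMENTS = [
    ("FamilyA", 1609545600, 50_000_000),   # 2021-01-02
    ("FamilyA", 1609804800, 150_000_000),  # 2021-01-05
    ("FamilyB", 1612310400, 25_000_000),   # 2021-02-03
    ("FamilyA", 1612310400, 100_000_000),  # 2021-02-03
]
# Constructed daily BTC/USD rates, keyed by UTC date of payment.
RATES = {"2021-01-02": Decimal("30000"), "2021-01-05": Decimal("34000"),
         "2021-02-03": Decimal("37000")}

def utc_day(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).date()

def period_key(ts, granularity):
    day = utc_day(ts)
    if granularity == "year":
        return f"{day.year}"
    if granularity == "month":
        return f"{day.year}-{day.month:02d}"
    if granularity == "week":
        iso = day.isocalendar()  # ISO year can differ from calendar year
        return f"{iso[0]}-W{iso[1]:02d}"
    raise ValueError(f"unknown granularity: {granularity}")

def usd_paid(payments, rates, granularity="month"):
    """Sum USD per (family, period) using the rate on each payment's own day."""
    totals, missing = defaultdict(Decimal), []
    for family, ts, sats in payments:
        rate = rates.get(utc_day(ts).isoformat())
        if rate is None:
            missing.append((family, ts))  # report the gap, never guess a rate
            continue
        totals[(family, period_key(ts, granularity))] += Decimal(sats) / SATS_PER_BTC * rate
    return dict(totals), missing

def usd_at_single_rate(payments, family, rate):
    """Value a family's total BTC at one later rate, for contrast."""
    sats = sum(s for f, _, s in payments if f == family)
    return Decimal(sats) / SATS_PER_BTC * rate
```

With this data, FamilyA's payments are worth USD 103,000 at day-of-payment rates but USD 111,000 if all 3 BTC are valued at the last rate, which is why the tracker's totals describe what victims paid rather than what the gangs realised.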