How to get the latest ransomware demands from Ransomwarewatch

Using ransomwarewatch commands

Ransomwarewatch is a GitHub project that scans and stores ransomware data from the dark web. It has a CLI you can use to query the database. It uses curl and jq (a JSON parser). You can get lists of the groups here.

print last 10 claims by group lockbit3

curl -sL ransomwhat.telemetry.ltd/posts \
| jq -r '.[] | select(.group_name == "lockbit3") | .post_title' \
| tail -n 10

print all online URLs

curl -sL ransomwhat.telemetry.ltd/groups \
| jq -r '.[] | .locations[] | select(.available == true) | .slug'

print group data for lockbit3

curl -sL ransomwhat.telemetry.ltd/groups \
| jq -r '.[] | select(.name == "lockbit3")'

print the last 100 claims

curl -sL ransomwhat.telemetry.ltd/posts \
| jq -r '.[] | [.group_name, .post_title] | @tsv' \
| sed 's/ /_/g' | column -t | tail -n 100
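
An added example (not part of the original post or the Ransomwarewatch project): the same /posts filtering done in Python, extended to a watchlist check that flags claims naming your own organisation or suppliers. The sample data is constructed and the function names and watchlist terms are assumptions; only the group_name and post_title fields come from the commands above.

```python
import json
import re
from collections import Counter

# Constructed sample in the shape the jq filters above expect from /posts:
# an array of objects with "group_name" and "post_title" (some entries incomplete).
SAMPLE_POSTS = json.loads("""[
  {"group_name": "lockbit3", "post_title": "example-manufacturing.test"},
  {"group_name": "examplegroup", "post_title": "Example Health Partners"},
  {"group_name": "lockbit3", "post_title": "EXAMPLE-LOGISTICS.TEST"},
  {"group_name": "lockbit3", "post_title": null},
  {"group_name": "examplegroup"}
]""")

def normalize(text):
    """Lower-case and turn punctuation into spaces so 'Example-Logistics' matches 'example logistics'."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def last_claims(posts, group, n=10):
    """Like select(.group_name == group) | .post_title | tail -n, but null or missing titles are dropped."""
    titles = [p.get("post_title") for p in posts if p.get("group_name") == group]
    return [t for t in titles if t][-n:]

def watchlist_hits(posts, watchlist):
    """Return (group, title, term) for each claim whose title contains a watched name as whole words."""
    terms = [(raw, normalize(raw)) for raw in watchlist]
    hits = []
    for post in posts:
        title = post.get("post_title") or ""
        padded = f" {normalize(title)} "  # padding forces whole-word matches
        for raw, term in terms:
            if term and f" {term} " in padded:
                hits.append((post.get("group_name") or "unknown", title, raw))
    return hits

def claims_per_group(posts):
    """Count claims per group, including entries that have no title."""
    return Counter(p.get("group_name") or "unknown" for p in posts)

if __name__ == "__main__":
    watchlist = ["Example Logistics", "example health"]  # hypothetical names to monitor
    for group, title, term in watchlist_hits(SAMPLE_POSTS, watchlist):
        print(f"{group}\t{title}\t(matched: {term})")
    print(claims_per_group(SAMPLE_POSTS).most_common())
```

To run it against live data, save the output of the curl command to a file and pass json.load() of that file in place of SAMPLE_POSTS.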