Awesome Ransomware

A curated list of ransomware-related resources with a primary focus on research (rather than remediation).

📚 Books

• Ransomware Revealed
• Ransomware: Defending Against Digital Extortion - The O'Reilly book on ransomware
• The Ransomware Hunting Team

🗞️ Articles and Essays of Note

• The Ransomware Superhero of Normal, Illinois [ 💾 archive ]
• Ransomware: Past, Present and Future - Cisco Talos blog post on ransomware, vintage 2016
• Do you want to play a game? Ransomware asks for high score instead of money -- about Rensenware

🛠️ Tools

🔐 Decrypters

• Emsisoft Ransomware Decryption Tools
• Free Ransomware Decrypters | Kaspersky
• List of Decryption Tools | Heimdal Security - A long list of decryption tools
• No More Ransom
• Trend Micro Ransomware File Decryptor
• The Windows Club - A list of decryption tools

✨ Other

• CryptoSearch
• RansomNoteCleaner
• RAASNet
  • The version above is no more: see CesarAyalaDev/RAASNet

📝 Ransomware Notes

AKA demands.

• Ransomware Notes
• Ransomware known file name ransom notes: ransomware_notes_list.csv
• Translated Conti Leaked Comms

🗺️ Guides and Playbooks

• Ransomware Playbook - Rapid7
• Ransomware playbook (ITSM.00.099) - Canadian Centre for Cyber Security
  • PDF
• Ransomware Template from Counteractive
• Microsoft DART ransomware approach and best practices

🖼️ Infographics

• Ransomware Families - A diagram from F-Secure of ransomware families from 2012-2017.
• A timeline of major ransomware events
  • The link above is 404: see the timeline via the Wayback Machine.
• Ransomware Attacks Map - An interactive map of known ransomware incidents in the US

🏡 Lists of Ransomware Families

• NJCCIC - From AutoLocky to Zepto
• Ransomware Overview - A Google Sheets document shepherded by @nyxbone -- no longer actively updated

🔭 Observing Ransomware Groups and Attacks

• Ransomfeed
  • nuke86/ransomFeed on GitHub (a fork of ransomwatch)
• Ransomlook - Notes and info on 150+ groups
• Ransomware Live
• Ransomwatch Observatory
  • ✨ notable projects list on ransomwatch.telemetry.ltd
  • joshhighet/ransomwatch on GitHub
• Ransomware Tool Matrix - companoin blog post
• Ransomware Vulnerability Matrix
• ransomware_gang.md in fastfire/deepdarkCTI on GitHub

ℹ️ Resources

• Bleeping Computer's Ransomware Forum
• ID Ransomware
• Ransomware identification for the judicious analyst
• Ransomware Reports
• Yara rules for detecting ransomware
• /r/ransomware
• Ransomware Task Force
  • RTF Report: Combating Ransomware
• Ransomware known file extensions: ransomware_extensions_list.csv
• EMPHASIS: Economical, Psychological and Societal Impact of Ransomware -- no longer actively updated, still available for reference

🎥 Videos and 🎤 Podcasts

• Darkode - A well-produced Radiolab episode that follows a mother-daughter pair in the wake of a ransomware incident
• SANS Ransomware Summit 2022

Related Awesome Lists

• awesome-incident-reponse
• awesome-malware-analysis
• Security lists for SOC/DFIR detections