Ransomware Victim Claims & Recent CVE Monitor
Under maintenancePricing
Pay per usage
Ransomware Victim Claims & Recent CVE Monitor
Under maintenanceTrack recent ransomware victim claims, company mentions, and what data actors say they have. Uses RansomLook search/recent/post index, ransomware.live, CISA KEV, and NVD CVE updates for preview or full monitoring exports.
Pricing
Pay per usage
Rating
0.0
(0)
Developer
Actor stats
0
Bookmarked
2
Total users
0
Monthly active users
8 days ago
Last modified
Categories
Share
Fresh Threat Actor & Ransomware Activity Monitor
Monitor public ransomware victim-claim metadata, recent public NVD CVE vulnerability-disclosure metadata, and fresh public threat actor activity in a clean dataset. The default run uses a 277-group ransomware.live preset plus recent NVD public CVE metadata for broad safe coverage, while paid-traffic readiness requires 100,000 recent, live-backed, payworthy, non-test rows from current public sources.
What You Get
- Victim-claim archive rows for groups such as LockBit, Qilin, Akira, Play, Clop, RansomHub, ALPHV, DragonForce, BianLian, Black Basta, Medusa, SafePay, 8Base, Lynx, Everest, Conti, Rhysida, Cactus, Royal, and Hive.
- Recent public NVD CVE vulnerability-disclosure metadata rows with CVE IDs, publication dates, CVSS/CWE summary context, and NVD detail links.
- Fresh/current rows where recent public claims exist, plus historical rows clearly marked by
freshnessStatusand excluded from strict paid-traffic readiness. - Fields for
actor,victimName,affectedSectors,countries,claimedDate,sourceUrl,confidence,paidRowDecision,buyerValueScore,whyWorthPayingFor, andnextSearchPivots. - Safe metadata only: no credential values, stolen files, malware payloads, private messages, raw leak contents, authentication bypass, CAPTCHA bypass, or threat-actor interaction.
Default Input
The default preset is tuned for broad ransomware monitoring and archive search:
{"maxRowsPerQuery":6000,"includeActivity":true,"includeTargets":true,"includeTtps":true,"includeSources":true,"includeDatasets":false,"includeCoverageGaps":false,"includeHeldRows":false}
Custom runs can replace queries with actor, ransomware, malware, campaign, sector, or brand terms.
Pricing
The Actor uses Apify pay-per-event pricing.
- Dataset rows:
$3.00 / 1,000 rows - Actor start:
$0.00005 - Platform usage: included for customers
Rows are priced by output volume, so buyers can estimate cost before scheduling a run.
Good Uses
- SOC teams can filter
freshnessStatus=currentorrecentfor daily triage. - CTI teams can search historical victim claims by actor, victim, sector, country, date, or recent public CVE ID.
- Brand monitoring teams can check whether an organization appears in public ransomware victim metadata.
- Incident response teams can pivot from victim claims into public corroboration and defensive follow-up.
Sample Row
{"query":"Qilin","rowType":"activity","actor":"Qilin","title":"Qilin victim claim: Example Corp","claimType":"victim_claim","victimName":"Example Corp","affectedSectors":["Healthcare"],"countries":["US"],"claimedDate":"2026-06-20T00:00:00.000Z","sourceType":"clear_web","collectionMode":"ransomware_live_group_page","freshnessStatus":"current","paidRowDecision":"sellable","billingGuidance":"charge","whyWorthPayingFor":"specific public intelligence row ready for analyst triage","rawContentIncluded":false,"safety":{"metadataOnly":true,"credentialsIncluded":false,"stolenFilesIncluded":false,"privateContentIncluded":false,"actorInteraction":false}}
Notes
Claims are public claims, not confirmed breaches. Use confidence, freshnessStatus, sourceUrl, corroborationState, and nextSearchPivots to decide what needs follow-up.
