This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.

Summary

DS-1277
Ransomware Tracker Blocklist
External Dataset
External Data Source
abuse.ch
Unknown
Unknown
56 (lowest rank is 56)

Category & Restrictions

Other
malicious traffic, cyber attack, malware, blacklists, cyber crime
Unrestricted
true

Description


Ransomware Tracker offers various types of blocklists that allow you to block ransomware botnet C&C traffic.

The available blocklists are updated every 5 minutes. Blocklists are separated by malware and blocklist type (URL, Domain, or IP), which lets you be more specific about what you block (e.g. only a certain malware family or blocklist type). The recommended format is the combined format, which contains data from all malware types. The blocklists might not catch everything, but the false positive rate should be low. However, false positives are possible, especially with regard to RW_IPBL. IP addresses associated with Ransomware Payment Sites (*_PS_IPBL) or Locky botnet C&Cs (LY_C2_IPBL) stay listed on RW_IPBL for 30 days after their last appearance. This means that an IP address stays listed on RW_IPBL for another 30 days even after the threat has been eliminated (e.g. the VPS / server has been suspended by the hosting provider).

Additional Details

N/A
false
Unknown