Ransomware & Dark Web Data Breach Monitor

Pricing

from $3.00 / 1,000 results

Try for free

Go to Apify Store

Ransomware & Dark Web Data Breach Monitor

Try for free

Monitor ransomware attacks and data breaches from the dark web. Track ransomware groups like LockBit, BlackCat, Play, and more. Get real-time alerts on victim organizations, leaked data, and cyber threats. Essential for threat intelligence, cybersecurity research, and brand protection.

Pricing

from $3.00 / 1,000 results

Rating

5.0

(1)

Developer

Lofomachines

Maintained by Community

Actor stats

Bookmarked

Total users

Monthly active users

8 days ago

Last modified

✨ Key Features

🔍 Bulk Keyword Search: search multiple terms at once (victim names, ransomware groups, descriptions) with case-insensitive matching.
🌍 Country Filtering: filter by country using 2-letter ISO codes (e.g., US, GB, DE, IT).
📅 Date Range Filters: limit results to attacks discovered within a specific time window.
⚡ Fast & Lightweight: get data in the fastest way.
📊 Structured Output: dataset output with a defined schema, ready for BI tools, dashboards, integrations, and automation.
🛡️ Safe Dark Web Intelligence: no direct access to .onion sites; no Tor system needed.

🎯 Use Cases

Use Case	Description
Daily Threat Monitoring	Run the actor on a schedule to find new attacks mentioning your organization, your domain, or your sector.
Brand & Third‑Party Risk	Check whether vendors, partners, or customers have appeared in ransomware leak sites.
Industry / Vertical Research	Analyze ransomware trends in a given vertical (e.g., healthcare, finance, manufacturing) for reports and research.
Geographic Analysis	Monitor attacks targeting specific countries or regions using ISO codes.
Threat Actor Tracking	Track specific campaigns of groups such as LockBit, BlackCat, Play, Akira, and many more.
SOC / SIEM Enrichment	Enrich incidents in your SIEM with context via webhook or API.

📥 Input Configuration

The actor accepts a JSON input with filters for keywords, country, date range, and maximum number of results.

Example Input

{
  "keywords": "healthcare\nhospital\nmedical",
  "country": "US",
  "dateFrom": "2024-01-01",
  "maxResults": 500
}

Input Parameters

Parameter	Type	Required	Default	Description
keywords	String	❌ No	`""`	Search terms (one per line, or separated by comma / semicolon). The search runs against victim name, group name, and description. Case-insensitive. Empty = no keyword filter.
country	String	❌ No	`""`	2-letter ISO country code (e.g., `US`, `GB`, `DE`, `IT`). Empty = all countries.
dateFrom	String	❌ No	`""`	Minimum discovery date for attacks (format `YYYY-MM-DD`). Empty = no lower bound.
dateTo	String	❌ No	`""`	Maximum discovery date for attacks (format `YYYY-MM-DD`). Empty = no upper bound.
maxResults	Integer	❌ No	`100`	Maximum number of records to return (min 1, max 10,000). Directly affects run time and CU usage.

📤 Output

The actor produces:

A dataset with one item per filtered attack/record.
A metadata object saved in the default key‑value store under key OUTPUT (total results, total in database, applied filters).

Output Fields (Dataset)

Field	Type	Description
post_title	String	Name of the victim organization.
group_name	String	Ransomware group responsible for the attack.
description	String	Additional context or description of the victim/attack.
website	String	Victim’s website domain.
country	String	2-letter ISO country code.
activity	String	Industry / sector of the victim.
discovered	String (date‑time)	When the attack was detected in the dataset.
published	String (date‑time)	When the data was published on the leak site.
post_url	String	Original post URL on the leak site.
modifications	Array<Object>	History of record updates, if available.

Example Output Item

{
  "post_title": "Example Healthcare Inc",
  "group_name": "lockbit3",
  "description": "Healthcare provider with 500+ employees",
  "website": "https://examplehealthcare.com",
  "country": "US",
  "activity": "Healthcare",
  "discovered": "2024-06-15T14:32:10.123456",
  "published": "2024-06-14T00:00:00.000000",
  "post_url": "http://lockbit...onion/post/...",
  "modifications": []
}

OUTPUT key (metadata)

In the default key‑value store, the OUTPUT key contains:

{
  "totalResults": 123,
  "totalInDatabase": 45678,
  "filters": {
    "keywords": ["healthcare", "hospital", "medical"],
    "country": "US",
    "dateFrom": "2024-01-01",
    "dateTo": null,
    "maxResults": 500
  }
}

📊 Dataset Views

This actor defines preconfigured dataset views (see .actor/dataset_schema.json):

Overview: compact view for quick analysis, with key fields:
- post_title (Victim), group_name (Ransomware Group), country, activity, discovered, published, website, post_url.
Raw Records: also shows description and modifications for deeper investigation of individual cases.

You can access the dataset from the actor’s Output tab in Apify Console or via API (see the automatically generated link).

Dark Web Search Results Scraper

lofomachines/dark-web-search-results-scraper

Scrapes search results from dark web search engines. Get titles, onion urls, page description.

Lofomachines

5.0

Dark Web Scraper

epctex/darkweb-scraper

Uncover valuable insights with our Dark Web Scraper. Extract sensitive data, including crypto wallets, API keys, emails, phone numbers, and more, from the depths of the Dark Web. You can specify search terms, and customize and retrieve OSINT data out of the box.

epctex

1.5K

Google Search Autocomplete: Cheaper, Faster, Reliable

lofomachines/google-search-autocomplete-cheaper-faster-reliable

Extract Google autocomplete suggestions with comprehensive metadata including position, relevance score, and full localization support.

Lofomachines

5.0

URLs List - Extract ALL website urls

lofomachines/urls-extractor

Automatically discovers and extracts ALL URLs from any website. Perfect for SEO analysis, content inventory, and bulk URL extraction from multiple websites. Get complete URL lists with metadata including last modified dates and priority levels.

Lofomachines

5.0

Apify Result AI Text Classifier

lofomachines/apify-result-ai-text-classifier

Super Fast - Classify texts using AI. Paste texts in bulk, define your labels, and get classified results as a dataset. Use it to make text classifications on Tweets, Reviews, and more.

Lofomachines

5.0

Website Tech Profiler

lofomachines/website-tech-profiler

Advanced technology stack scraper and Wappalyzer alternative. Detect frontend frameworks (React, Vue, Angular), backend technologies, CDN, hosting providers, analytics, advertising scripts, API endpoints, and more. Complete techstack analysis for competitive research and lead generation.

Lofomachines

5.0

Sitemap URL Extractor

onescales/sitemap-url-extractor

Provide a website link to a sitemap.xml and the app will extract and list all URLs in the sitemap as well as additional data in the sitemap (i.e. https://onescales.com/sitemap.xml).

One Scales

254

5.0

Wikipedia Scraper | $5 / 1k | Fast & Reliable

fatihtahta/wikipedia-scraper

Get full articles and detailed search results with the Wikipedia Scraper. Extract structured data including titles, summaries, citations, and full content. Ideal for market research, AI training, and competitive intelligence.

Fatih Tahta

5.0

Sitemap Generator

igview-owner/sitemap-generator

Automatically crawl any website and generate XML, HTML, and text sitemaps for SEO optimization. Perfect for submitting to Google Search Console, Bing Webmaster Tools, and improving search engine indexing. no manual work required. Free sitemap generator tool for WordPress, Blogger, and all website.

Sachin Kumar Yadav

URL Mapper

marcoet/url-mapper

Map every link on any website in seconds. URLMapper instantly crawls a single page, returns a complete JSON of internal URLs, supports keyword filtering, and plugs straight into any Apify workflow or API so you can pre-crawl, audit SEO, or feed clean link lists into larger scrapers.