A brand-new way to see the ransomware landscape at a glance. Ransom View maps every group as an interactive heatmap — sized by activity and colored by change — so you can instantly spot who's surging. Click any group for its most-attacked country, top targeted sector and full activity volume.
Curated monthly intelligence reports on the global ransomware & data-extortion landscape — most active groups, most targeted sectors and countries, and newly emerged threat actors. View online or download the full PDF.
A dedicated, victim-focused view of every organization published on ransomware & data-leak sites — regardless of the group behind the attack. See the full attack details and the victim's own website side by side in one window, giving a valuable extra angle — especially when the site has been defaced.
New module launched: real-time tracking of CISA's Known Exploited Vulnerabilities, with a focused view on CVEs actively leveraged in ransomware campaigns. Prioritize patching based on actual threat actor activity — not just severity scores.
New module: curated high-risk posts from forums across the open web and darknet. Each event includes an AI Risk Assessment, a numeric risk score (levels 6–10), supporting imagery, and full context in a clear, structured layout.
A new free dashboard focused on Israel is now available! Access it via the Dashboards menu.
Darkfeed wishes all our users a joyful holiday season and a successful start to the new year 2026!
We have officially deployed API V3, featuring enhanced security measures and new metadata fields for improved attribution.
We have rolled out a refreshed visual design across the Darkfeed platform to improve clarity, consistency and overall usability.
Ransomware Heatmap
Group activity treemap — block size by victim count, color by change vs. previous period
Subscribers only
Historical views (1M / 3M / 1Y), full 12-month attack timelines, complete sector & country breakdowns and the full victim feed are available with a DarkFeed subscription.
View plans & pricing
