🕷 Ransom Radar

Description

Get 🚨 real-time alerts on new ransomware posts, leaks, and extortion attempts.
This tool polls RansomLook, RansomFeed, and Ransomware.live, sending alerts to a Telegram channel or group.

---

🚀 Features

• Polls RansomLook and RansomFeed API for new ransomware victims.
• Maintains a local .cache to avoid duplicate alerts.
• Sends rich notifications (with group, victim, date, description, screenshot, etc.) via Telegram.
• Lightweight and modular Python design.
• Optional AI enrichment: Automatically summarizes victim descriptions and generates insights using configurable AI models (e.g., Hugging Face, GPT-4, DeepSeek). AI features can be enabled or disabled in the configuration.

---

⚙ Requirements

• Python 3.8+
• Libraries listed in requirements.txt

git clone https://github.com/FreeDurok/Ransom-Radar.git
cd Ransom-Radar

python3 -m venv venv
source venv/bin/activate

pip install -r requirements.txt

---

🔑 Telegram Setup

1. Create a bot with BotFather on Telegram.
2. Obtain your bot token.
3. Add the bot to your channel or group and give it permission to post messages.
4. Obtain your chat ID.

• For groups, you can use the @RawDataBot to get the chat ID.

---

📝 Configuration

Create a .env file in the project root:

# Telegram (required)
TELEGRAM_TOKEN=your_telegram_bot_token
TELEGRAM_CHAT_ID=your_channel_or_group_chat_id

# General (optional)
POLL_INTERVAL=150
LOG_FILE_PATH=~/.ransom-radar/ransom_radar.log

# AI (optional)
AI_ENABLED=false
API_KEY=your_api_key
API_URL=https://router.huggingface.co/novita/v3/openai
AI_MODEL=moonshotai/kimi-k2-instruct

# Proxy (optional)
PROXY_URL=

🔐 Ransomware.live Pro API Access

To use the Pro API features of ransomware.live, you must register an account and request an API token from their website.
Once you receive your token, add it to your configuration (e.g., in ransomlive/config.py or your ransomlive/.env file) as needed.

Refer to the ransomware.live documentation for details on registration and API usage.

---

🚀 Run

python3 main.py

It will start polling immediately and notify your Telegram channel/group.

---

🐳 Docker

# Build and start
docker compose up -d

# View logs
docker compose logs -f

# Stop
docker compose down

Each provider's cache (.cache/state.json) is persisted via Docker volumes, so you won't receive duplicate notifications after a restart.

---

📂 Cache

Keeps a .cache/state.json file to track already notified posts.

---

📜 Create the systemd service file

Create a file at:

touch /etc/systemd/system/ransom-radar.service

with the following content:

[Unit]
Description=Ransom Radar - Ransomware Telegram Notifier
After=network.target

[Service]
Type=simple
WorkingDirectory=/opt/Ransom-Radar
ExecStart=/opt/Ransom-Radar/venv/bin/python3 /opt/Ransom-Radar/main.py
Restart=always
RestartSec=10
User=ubuntu

[Install]
WantedBy=multi-user.target

🔎 Note: replace User=ubuntu with the actual system user that owns the project directory.

🔎 Note: move or clone the project in /opt folder.

sudo systemctl daemon-reload
sudo systemctl enable ransom-radar
sudo systemctl start ransom-radar
sudo systemctl status ransom-radar

📄 License

MIT