LAGIC
Lead Audience Growth Intelligence Computing
R

Ransomware & Dark Web Data Breach Monitor — Dark Web | Lagic

Built For

Get a list of dark web ransomware attacks mentioning your company, clients, or industry.

Curated by Lagic·Verified working

Configure Agent

Enter one or more keywords to search for in victim names, ransomware group names, or descriptions. Separate multiple keywords with new lines, commas, or semicolons. The search is case-insensitive and matches if ANY keyword is found. Leave empty to retrieve all records based on other filters (country, dates) up to the maximum results limit.

Filter by country using ISO 2-letter country codes (e.g., US, GB, DE, FR, IT). Leave empty to include all countries.

Filter attacks discovered on or after this date. Format: YYYY-MM-DD (e.g., 2024-01-01)

Filter attacks discovered on or before this date. Format: YYYY-MM-DD (e.g., 2024-12-31)

Maximum number of records to return. Use lower values for faster execution and lower costs.

Results to deliver

400 credits

This agent actively searches live listings — results may vary. You are only charged for what is delivered, up to this number.

Lagic Proxy

Country auto-rotated. Need a specific region? Contact support.

Pricing

4 credits per result
✓ 30 free credits on signup✓ Refund if 0 results✓ No card required

Sample Data Preview

Name of the ransomware groupTitle of the data leak postURL of the post on the dark webDate the breach was discoveredDate the breach was published by the groupThe group's description of the attack and victim
Sample Text...Sample Text...https://...2026-04-052026-04-05Value...
Sample Text...Sample Text...https://...2026-04-052026-04-05Value...
..................
Exports as:CSVXLSXJSON

Overview

Monitor dark web ransomware posts for mentions of specific companies, partners, or countries. Get details like the attacking group, discovery date, and links to the posts for threat intelligence and risk management.

This tool scans the data leak sites of known ransomware groups on the dark web for specific keywords. It's designed for cybersecurity professionals, threat intelligence analysts, corporate security teams, and Managed Service Providers (MSPs) who need to stay ahead of data breaches. Instead of manually and unsafely browsing the dark web, you can use this monitor to proactively check for mentions of your company, your clients, or your key suppliers. The results provide crucial context for incident response and risk assessment, including the name of the ransomware group behind the attack, a description of the victim, and the date the breach was discovered by security researchers. This provides an early warning system, helping you identify if your organization or a critical third-party partner has been compromised, often before a public announcement. Use the data to track the activities of specific threat agents, analyze attack patterns against certain countries, or conduct due diligence during mergers and acquisitions.

Key Capabilities

  • Name of the ransomware group
  • Title of the data leak post
  • URL of the post on the dark web
  • Date the breach was discovered
  • Date the breach was published by the group
  • The group's description of the attack and victim
  • Victim's country
  • Victim's website
  • A log of modifications or updates to the post
  • Corporate Security Monitoring: Run daily searches for your own company name and domains to get immediate alerts if you appear on a ransomware leak site.
  • Managed Service Provider (MSP) Client Protection: Monitor a list of all your clients' company names to provide proactive breach notification as a premium service.
  • Third-Party Risk Management: Regularly search for key vendors and supply chain partners to be alerted of breaches that could impact your own operations.
  • Threat Agent Tracking: Filter results by a specific ransomware group name (e.g., 'LockBit', 'Clop') to analyze their targets and activity over time.
  • Geopolitical Threat Analysis: Filter results by a specific country code to identify ransomware campaigns targeting a particular nation's infrastructure or businesses.
  • Merger & Acquisition Due Diligence: Before an acquisition, search for the target company's name to uncover any recent, undisclosed data breaches.

Field Dictionary

How To Run This Extractor

1

Enter the company names, domains, or other keywords you want to monitor into the 'Search Keywords' field.

2

Optionally, filter the search by a two-letter 'Country Code'.

3

Optionally, specify a date range for when the breach was discovered.

4

Set the maximum number of results you want to retrieve.

5

Run the tool to get a structured list of matching ransomware posts.

6

Download the data as a spreadsheet or JSON file.

Frequently Asked Questions

Do I need a Tor browser or special access to use this?
No, the tool handles all access to dark web sources. You just provide keywords and get back structured data.
What's the difference between 'Discovery Date' and the 'published' date in the output?
What ransomware groups does this monitor?
Is it legal to access this information?
Can I use this to monitor for my clients?
How fresh is the data?
What skills do I need to use this tool?
In what format can I export the data?
Can I schedule this tool to run automatically?
How many keywords can I search at once?