Real-time monitoring • Alerts + Dashboard + API • Ransomware & leak ecosystems • File name search

Real-Time Ransomware & Data-Leak Monitoring

Detect extortion threats, stolen data, and brand exposure before attackers escalate - with verified intelligence you can act on.

  • Live monitoring of ransomware and extortion ecosystems
  • Early alerts before public data leaks
  • Dashboard, email, and API delivery
  • One-of-a-kind leaked file name search
  • Trusted by security teams at Fortune 100 companies, global operating law firms, and leading DFIR teams

No spam. We’ll show you the platform and a sample report for your sector.

Email / Slack alerts • Searchable case views • Exports & reporting • API access
Dashboard screenshot
Signal: New leak claim detected (Entity match • Priority: High)
Delivery: Alert + case link (Dashboard / Email / Slack / API / Custom)
As seen on and referenced by leading media, research, and security professionals worldwide.
Binding Hook, Reuters, Yahoo! Japan, CyberScoop, FS-ISAC, SANS Institute, Journal of Quantitative Criminology, Institute for Security and Technology (IST), University of Twente

Protect Your Data.

Early warning, actionable context, and operational delivery - built for security teams. Get notified when your third-parties and customers are targeted.

Early warning

Detect new leak claims and extortion activity as it happens.

Actionable context

Enriched details: entity mapping, artifacts, links, timeline.

Operational delivery

Alerts + dashboard + API to automate workflows and reporting.

  • Coverage: 280+ sources monitored (new sources added regularly)
  • Speed: Real-time alerts (Email • Slack • Webhooks)
  • Outputs: Reports & exports (Daily / Weekly / Monthly / Custom)

Built for Risk Teams, Compliance, SOC, DFIR - and Your CISO.

A simple workflow: collect signals, enrich context, alert quickly, deliver outputs.

  1. Collect: Continuous monitoring of extortion & leak ecosystems.
  2. Verify & Enrich: De-duplication, entity matching, artifacts, timeline, links.
  3. Alert: Real-time notifications with priority and context.
  4. Deliver: Dashboard + API + executive-ready reports.

Example case timeline
Leak claim • Entity: ExampleCo • High

  • T+0: Claim detected (Source: [redacted] • Indicators: keywords match)
  • T+3m: Enrichment (Subsidiary mapping • sector tag • artifact links)
  • T+8m: Alert delivered (Slack • email • webhook payload available)

Ransomware & Data-Leak Trends Security Teams Must Track

Ransomware in 2026 is no longer just about encryption - it is driven by data theft, extortion, and public exposure. Attackers increasingly pressure organizations by leaking stolen data on dedicated extortion sites, social channels, and underground forums.

Extortion-first attacks are now the norm

Many campaigns skip encryption entirely, focusing on data theft and public shaming to force payment.

Leak sites act as early breach indicators

Victim listings often appear days or weeks before incidents are publicly disclosed or detected internally.

Attackers target reputation and trust

Stolen data is selectively leaked to maximize regulatory, legal, and brand impact.

Ransomware ecosystems are fragmented and fast-moving

Groups rebrand, splinter, and migrate infrastructure to evade takedowns and monitoring.

Manual monitoring no longer scales

Hundreds of active extortion sources make human-only tracking unreliable and slow.

  • 280+ ransomware & extortion sources monitored since 2019
  • 500+ verified leak claims tracked monthly
  • Fortune 100 customers across security, risk, and legal teams

Live Monitoring Output

Real-time ransomware and data-leak monitoring metrics.
These numbers reflect automated detection plus analyst validation, and are updated regularly.

Coverage: ransomware + extortion leak ecosystems • Delivery: dashboard · email · API

Alerts issued (30d)

Email alerts delivered to customers.

New claim listings (30d)

Detected across monitored extortion sources.

Sources monitored (30d)

Active sites with new claims.

Avg alert latency

From detection → customer alert (median).

Trend: New Claim Listings (Last 30 Days)


What You Actually Get

The eCrime.ch platform provides real, actionable insights with examples of dashboards, alerts, reports, and API outputs. Explore how our tools can help your team stay ahead of threats and make informed decisions.

Dashboard screenshot

Dashboard

Search, filter, and review cases with context your team can act on.

  • Case view with timeline and artifacts
  • Tags, notes, export
  • Collaboration-ready links
Slack alert screenshot (custom integration)

Real-time alerts

Get notified immediately when an entity you care about appears in relevant activity.

  • Keyword / domain / entity watchlists
  • Sector filters and priority scoring
  • Email, Slack, and webhook delivery

Reports

Executive-ready summaries your stakeholders will actually read.

  • Weekly digest & monthly brief
  • Custom reports for portfolio / vendors
  • PDF/Slides-ready output

API

Integrate with SIEM/SOAR, case management, or internal tooling.

  • Entity & case endpoints
  • Webhook delivery
  • Export and automation workflows
curl -sS "https://ecrime.ch/api/v1/events/search/ExampleCo/" \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Accept: application/json"

# Example response (truncated)
{
  "data": [
    {
      "id": "42",
      "first_seen": "2023-07-09 05:31:14",
      "last_seen": "2023-07-09 14:16:34",
      "leak_site": "8BASE",
      "leak_title": "ExampleCo",
      "country": "Canada",
      "sector": "Oil and Gas",
      "name": "Example Co., Inc.",
      "website": "https:\/\/www.example.com\/",
      "employees": "11-50 employees",
      "leak_url": "http:\/\/basemm....onion\/company\/123456",
      "duplicate": null,
      "data_leak": 0,
      "last_update": "2023-07-09 05:32:34",
      "extra": "REMOVED<\/div>",
      "logo": "https:\/\/ecrime.ch\/image\/logos\/logo.jpg",
      "keyword": "false"
    }
  ]
}
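
An added example (not eCrime.ch's own code) of preparing the response shown above for SIEM ingestion: it skips records already seen or flagged in `duplicate`, normalises timestamps, and defangs the leak URL before it reaches tickets or chat. Assumptions: timestamps are UTC, a non-null `duplicate` marks a repost, and `data_leak` is a 0/1 flag; the sample payload, its second record and the placeholder hostname are constructed.

```python
import html
import json
import re
from datetime import datetime, timezone

# Constructed sample shaped like the truncated response above (placeholder host).
SAMPLE = r'''{"data": [
 {"id": "42", "first_seen": "2023-07-09 05:31:14", "leak_site": "8BASE",
  "name": "Example Co., Inc.", "website": "https:\/\/www.example.com\/",
  "leak_url": "http:\/\/example-placeholder.onion\/company\/123456",
  "duplicate": null, "data_leak": 0, "extra": "<div>REMOVED<\/div>"},
 {"id": "43", "first_seen": "2023-07-09 06:00:00", "leak_site": "8BASE",
  "name": "Example Co., Inc.", "website": "https:\/\/www.example.com\/",
  "leak_url": "http:\/\/example-placeholder.onion\/company\/999",
  "duplicate": "42", "data_leak": 1, "extra": ""}]}'''

def defang(url):
    """Make a URL non-clickable before it is stored or forwarded."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def to_utc_iso(ts):
    # Assumption: API timestamps are UTC; the page does not state a timezone.
    parsed = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc).isoformat()

def normalise(body, seen_ids):
    """Return SIEM-ready events for new, non-duplicate records only."""
    events = []
    for rec in json.loads(body).get("data", []):
        if rec["id"] in seen_ids or rec.get("duplicate") is not None:
            continue  # already ingested, or flagged as a repost (assumed meaning)
        seen_ids.add(rec["id"])
        note = re.sub(r"<[^>]+>", "", rec.get("extra") or "")  # strip HTML tags
        events.append({
            "source": "ecrime.ch",
            "event_id": rec["id"],
            "first_seen": to_utc_iso(rec["first_seen"]),
            "leak_site": rec["leak_site"],
            "victim": rec["name"],
            "victim_domain": re.sub(r"^https?://(www\.)?|/.*$", "", rec["website"]),
            "leak_url": defang(rec["leak_url"]),
            "data_published": bool(int(rec["data_leak"])),
            "note": html.unescape(note).strip(),
        })
    return events
```

Persist `seen_ids` between polls so a claim that stays listed is forwarded only once.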
Monthly report screenshot


File Search - Try It!

Curious what files are leaked? Try our file search tool.
Enter any file name below to see if it has been exposed. The search will return up to 10 results.

Total indexed: 1.712 billion file names | Last update: Mar 29, 2026 08:05 PM

Use eCrime.ch To …

Empower your team with actionable insights tailored to your unique security challenges and mitigate third-party risks by continuously monitoring your vendors and critical suppliers for potential exposure.

Incident response

Confirm claims, track updates, brief leadership with facts.

SOC monitoring

Alerting + automation via API, aligned to your workflows.

Third-party risk

Monitor vendors and critical suppliers continuously.

Brand protection

Track extortion threats and related abuse signals.

Insurance / underwriting

Signals that help inform exposure and monitoring posture.

Executive reporting

Weekly/monthly summaries that drive decisions.

Why Teams Choose eCrime.ch

Stay ahead and improve your team's work - trusted by organizations to deliver precise, real-time intelligence that protects your business and reputation.

  • Focused monitoring: Extortion & leak ecosystems - not just broad news scraping.
  • Operational delivery: Alerts + dashboard + API - signals become actions.
  • Stakeholder-ready reporting: Human-curated options for executives and clients.
  • Unique file name search: Search by file names to quickly identify relevant leaks and data.
  • Fast onboarding: Watchlists and entity setup in minutes, not days.

Mini comparison
eCrime.ch vs generic threat feeds
eCrime.ch Generic feeds
Strong leak-ecosystem focus ⚠️
Entity matching
Alerts + dashboard
API + automation ⚠️
File name search
CAPTCHA bypasses
Zapier App
Integrate into existing business processes ⚠️

Simple Plans for Teams of Any Size

No complicated pricing or hidden fees.

Commercial
For firms creating their own products
Let’s talk
Custom

  • Ten (10) accounts included
  • Everything in Professional
  • Commercial re-use of data
  • Entity watchlist
  • Full data exports
  • Integration support
Contact us
Enterprise
For large organizations with custom needs
Let’s talk
Custom

  • Custom account count
  • Everything in Professional
  • Self-service portal for account management
  • SLA & priority support
  • Shared keyword watchlists
  • SSO integration
Contact us
Monthly billing available on request. Plans and pricing subject to change.

Frequently Asked Questions

Address common questions and concerns to help clarify coverage, accuracy, legality, support, and data integration.

We monitor over 100 extortion & leak sites, including dark web sources. Thanks to our partnerships with DFIR and threat intelligence firms, we are often the first service to integrate new leak sites.

Our scraping systems detect new content within minutes of publication, and within 15 minutes at the latest. Alerts are sent every 15 minutes; API calls can happen at any time. The enrichment process may take up to 24 hours, as validating claims is a manual task.

eCrime.ch prides itself on a high signal-to-noise ratio. We use a combination of automated entity matching, de-duplication algorithms, and manual review to ensure that the data is relevant and actionable. Each claim is enriched with context such as subsidiary mapping, sector tags, and public links to provide a comprehensive view.

Yes - our API provides endpoints for searching entities and retrieving case details. Authentication is handled via API keys, and you can set up webhooks or pull-call integrations for real-time alert delivery. API access is included in all plans.

Link to your privacy/terms/imprint pages and describe what information we collect as well as how we handle it.

Our API allows for seamless integration with SIEM/SOAR platforms and case management systems. We also provide a Zapier app to connect with hundreds of other tools (on request). Many of our customers build custom integrations using our API, leveraging their internal tooling, such as third-party risk platforms to identify vendor risks and prioritize remediation efforts.

We focus exclusively on extortion and leak ecosystems. We do not provide broad threat intelligence, Telegram monitoring, malware analysis, or phishing detection services. Our goal is to deliver high-quality, actionable insights specifically related to ransomware and data leak claims.

Yes, our system is designed to identify and filter out reposts and mirrored content. We use a combination of automated algorithms and manual review to ensure that our alerts are relevant and actionable. This helps reduce noise and ensures that you only receive notifications about new and unique claims.

We accept all major credit cards (Visa, MasterCard, American Express) via Stripe. For enterprise customers, we also offer invoicing options. Please contact us for more details.

Currently, we bill in USD (primary currency), but can invoice in other currencies like EUR, GBP, and CHF upon request. If you require billing in a different currency, please contact our support team to discuss available options.

Yes, we have local bank accounts in several regions to facilitate easier payments for our international customers. Please contact our support team to get the relevant bank details for your region.

Yes, we accept purchase orders for enterprise subscriptions. Please ensure that the PO includes all necessary details, such as billing information and the agreed-upon plan. Once we receive the PO, we will process it and send you an invoice.

We offer flexible billing terms to accommodate our customers' needs. Standard billing is annual and terms are net-30 unless otherwise agreed, but we can also provide monthly billing upon request. Please contact our sales team to discuss your specific requirements.

No, we do not accept USD cheques as a form of payment. We recommend using our online payment options via credit card or bank transfer for a faster and more secure transaction.

Built in Switzerland. Trusted Globally.

We take data privacy and compliance seriously.

Swiss-based operations

Our service is proudly Swiss, with all operations and data storage based in Switzerland. Our team consists of Swiss professionals dedicated to ensuring the highest standards of quality, privacy, and security.

GDPR-aware data handling

We ensure secure data storage of customer data in Switzerland and Europe, adhering to the highest standards of privacy and compliance for all clients.

Clear privacy and legal disclosures

Ensure transparency and trust with our commitment to clear privacy and legal disclosures. We prioritize compliance and data protection, providing you with the confidence to operate securely in a rapidly evolving digital landscape.

Get Ahead of Ransomware and Leak Claims.

Tell us what you want to monitor. We’ll show you the dashboard and a sample report for your sector.

Demo for 20–30 minutes • Sample report available • Dashboard and API walkthrough
Email us
By submitting, you agree to our terms and privacy policy. Every submission is reviewed manually - we do not send automated emails.