Analyzing Ransomware Payment Wallets
When to Use
- An organization has been hit by ransomware and the ransom note contains a Bitcoin or other cryptocurrency wallet address that needs investigation
- Law enforcement or incident responders need to trace where ransom payments flowed after the victim paid
- Threat intelligence analysts are attributing ransomware campaigns by clustering payment infrastructure across incidents
- Investigators need to determine whether a ransomware group is reusing wallet infrastructure across multiple victims
- Compliance or legal teams need evidence of fund flows for prosecution, sanctions enforcement, or insurance claims
Do not use this skill for live payment interception or to interact directly with ransomware operators. All analysis should be passive and read-only against public blockchain data.