Each dot represents the geolocation of a compromised IP with a ransomed database.

This map updates hourly and represents geolocations of the IPs with ransomed databases in the past 3 weeks, it also aggregates information from the entire available data about those ransom demands such as amount and frequency. The data is sourced through random port scanning and automated investigation of open ports. Comparitech researchers routinely scan the internet for vulnerable databases containing personal information. When we find such an unprotected database, we immediately start an investigation to determine who is responsible for it, who is impacted, what types of data are exposed, and what potential consequences the data subjects might face as a result.