From Thesis to Paper: HBIR and the Future of Ransomware Leak Detection
A Historic Milestone for Our Journey and for Cybersecurity
Today we celebrate a truly historic moment for our company and for HaveIBeenRansom (HBIR). What began as a Master's Thesis in Cybersecurity has evolved into an internationally recognized tool, following its publication in the scientific journal Electronics by the MDPI publishing group.
This publication not only validates the technical soundness of the project, but also the social and ethical purpose behind it: protecting individuals and organizations from the impact of data leaks caused by ransomware.

What is HaveIBeenRansom (HBIR)?
HBIR is an early detection tool for sensitive information leaks in public repositories used by ransomware groups. Its mission is clear: to alert potential victims before their data is exploited, allowing them to take preventive measures and minimize damage.
At the core of HBIR lies our dedicated crawler, Breach.house, which automatically scans ransomware portals, normalizes the collected data, and feeds it into HBIR's analytical pipeline to detect patterns of personal (PII) or health-related (PHI) information exposure.
How It Works: HBIR Architecture and Pipeline
1. Data Acquisition: Automated crawling of ransomware leak sites through Breach.house, followed by normalization and secure storage.
2. Preprocessing: Data cleaning, deduplication, and semantic preparation.
3. Sensitive Information Detection: Pattern- and model-based identification of names, emails, phone numbers, addresses, identifiers, and other PII/PHI, reducing false positives through multi-stage validation.
4. Prioritization and Alerts: Severity classification and responsible notification of affected individuals and organizations.
5. Audit and Traceability: Logging of sources, timestamps, and transformations to ensure verifiability and compliance.
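
The pattern-based half of steps 2 to 5, as an added example that is not HBIR's own code: broad regex candidates are confirmed by a second validation stage (Luhn checksum, Spanish DNI control letter, asset-filename filter), then deduplicated, ranked and recorded with their source. The identifier types, the severity ranking and the sample text are assumptions constructed for illustration.

```python
import hashlib
import re

# Stage 1: broad candidate patterns (high recall, noisy). Types are illustrative.
CANDIDATES = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    "es_dni": re.compile(r"\b\d{8}[A-Za-z]\b"),
}
SEVERITY = {"card": "high", "es_dni": "high", "email": "medium"}  # assumed ranking
DNI_LETTERS = "TRWAGMYFPDXBNJZSQVHLCKE"  # Spanish DNI control-letter table
ASSET_SUFFIXES = (".png", ".jpg", ".gif", ".svg")  # e.g. "icon@2x.png"

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate(kind, raw):
    """Stage 2: return a normalized value, or None for a false positive."""
    if kind == "card":
        digits = re.sub(r"\D", "", raw)
        return digits if luhn_ok(digits) else None
    if kind == "es_dni":
        return raw.upper() if DNI_LETTERS[int(raw[:8]) % 23] == raw[8].upper() else None
    value = raw.lower()
    return None if value.endswith(ASSET_SUFFIXES) else value

def scan(source, text):
    """Detect, validate, deduplicate and rank findings for one leaked file."""
    seen, findings = set(), []
    for kind, pattern in CANDIDATES.items():
        for match in pattern.finditer(text):
            value = validate(kind, match.group())
            if value is None or (kind, value) in seen:
                continue
            seen.add((kind, value))
            # Keep a digest, not the raw value (a deployment would use a keyed hash).
            digest = hashlib.sha256(value.encode()).hexdigest()
            findings.append({"kind": kind, "severity": SEVERITY[kind],
                             "source": source, "sha256": digest})
    return sorted(findings, key=lambda f: f["severity"] != "high")

# Constructed sample text, not real leak data.
SAMPLE = """Contact: Ana.Lopez@example.org, ana.lopez@example.org
img src=icon@2x.png order 1234567890123456
card 4111 1111 1111 1111 DNI 12345678Z ref 12345678A"""
```

Running `scan("dump/clients.txt", SAMPLE)` yields three findings from seven regex candidates: the duplicate email, the asset filename, the order number that fails Luhn and the DNI with the wrong control letter are all dropped.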
Results and Scientific Validation
The MDPI Electronics publication presents a comprehensive validation based on real-world datasets, demonstrating that HBIR:
• Improves early detection of personal information exposure in ransomware repositories.
• Automates workflows that would otherwise be manual and time-consuming.
• Reduces false positives through layered verification and contextual analysis.
These advances position HBIR as a practically valuable tool for incident response teams, privacy officers, DPOs, and compliance units.
Ethics, Privacy, and Responsibility
HBIR was founded on an uncompromising principle: to protect, never to exploit.
Therefore, the tool operates under the following guiding principles:
• Data Minimization: Collecting and processing only what is strictly necessary for early warning purposes.
• Regulatory Compliance: Continuous review against applicable legislation, aligned with GDPR and ethical research practices.
• Security by Design: Access controls, encryption in transit and at rest, and complete process traceability.
• Responsible Communication: Avoiding re-victimization, disclosing only what is essential, and prioritizing responsible notification channels.
Implications and the Road Ahead
The recognition from MDPI motivates us to keep pushing forward. Our next steps include:
• Early Visibility: Reducing the time between ransomware data publication and victim notification.
• Enhanced Detection Models: Continuous improvement of PII/PHI detection accuracy.
• Secure Integrations: APIs for SOCs, CERTs/CSIRTs, and GRC platforms.
• Custom Alerts: Configurable dashboards and notifications for both technical and non-technical users.
An Achievement that Inspires Us
The publication of HaveIBeenRansom (HBIR) in MDPI represents a milestone that acknowledges the technical, social, and ethical value of our work, and marks a turning point in our journey.
This achievement is not a finish line, but a renewed commitment: to keep improving a tool that turns ransomware intelligence into a means of defense, not of fear.
Full article in Electronics (MDPI): RDBAlert: An AI-Driven Automated Tool for Effective Identification of Victims' Personal Information in Ransomware Data Breaches
Learn more about HBIR: https://haveibeenransom.com
For collaborations, partnerships or integrations:
Contact us:
• LinkedIn: Darkeye Industries -> https://www.linkedin.com/company/darkeye-industries
• Juan Manuel Tejada Triviño (CEO): [email protected]
• Samuel Porcel Rodríguez (CMO): [email protected]