Back

Overview

The Challenge

Solution

User Research

Outcome

Dashboard • Shipped 2026

Ransomware Dashboard

Designing a standardized ransomware dashboard for a cybersecurity-focused company using publicly accessible threat data

Role

UX Design,

UX Research

TIMELINE

8 weeks

SKILLS

UX Design

User Research

Wireframing

Data Visualization

Role

3 UX Designers,

Data Scientists,

Scrum Master

note

The project was completed under NDA. This case study focuses on my role, design approach, and high-level outcomes. If you're interested to learn more, please DM me over LinkedIn or email me.

OVERVIEW

How usable is ransomware data when it’s scattered across sources?

This project focused on the feasibility of transforming publicly accessible ransomware threat data into a standardized internal dashboard.While open-source ransomware data is widely available, it is often fragmented and difficult to interpret at scale. The dashboard was intended to support internal users and stakeholders by bringing fragmented external data into a clearer, more interpretable format.

the challenge

How do you extract and showcase data when it isn’t displayed consistently?

The challenge was to scrape valuable ransomware threat data that was inconsistent and difficult to analyze at scale.


Differences in data architecture, terminology, and update frequency across open-source platforms made it hard to compare and interpret information.
The core challenge was to normalize this data and present visually through a single, consolidated dashboard.

SOLUTION

An interactive threat intelligence dashboard designed to quickly surface patterns, highlight top ransomware actors, and enable deeper investigation into individual groups.

CORE SCREENS

Overview dashboard


a homepage dashboard that brings together multiple views of ransomware threat data.

  • Key KPIs summarizing total groups, victims, and ransom paid. [A1] [A2] [A3]

  • A donut chart visualizing the top 10 impacted sectors. [A4]

  • A bar chart displaying the top 10 countries targeted by victim count. [A5]

  • A filterable table listing individual ransomware incidents by year and month. [A6]


This approach allows internal users and stakeholders to move between high-level trends and detailed incident data within a single, standardized view.

Group-level analysis


A dedicated Groups page for exploring ransomware groups and their activities.

  • Donut charts highlighting the top 10 groups and top earners by ransom amount. [B1]

  • A line chart ranking total victims across categories. [B3]

  • A filterable table detailing ransomware groups by sector, ransom range, time period, and activity status. [B4]


Together, these components allow internal users and stakeholders to examine group-level trends and drill into specific details as needed.

Group details 


A Group Detail page focused on examining individual ransomware attacker groups.

  • Key group-level metrics, including first attack, total victims, and total ransom earned. [C1]

  • A brief descriptive summary of the group.

  • Visual breakdowns of the top 10 targeted sectors and countries. [C3]

  • A detailed table listing all associated victims. [C4]


Together, these elements provide a comprehensive view of a single attacker group.

USER RESEARCH

What does “usable” look like when data comes from multiple open sources?

We followed a structured, user-driven approach to support the development of a unified ransomware dashboard.


We audited multiple open-source ransomware platforms to understand how publicly accessible threat data is structured and presented. This analysis helped identify opportunities to standardize key data categories, including attacker groups, victim organizations, attack metadata, and ransom-related information.

These insights informed low- and mid-fidelity wireframes that organized normalized data into clear tables and visualizations.

After iterative feedback, we delivered developer-ready UI and supporting documentation to support scalable backend integration.

impact

What changes when fragmented threat data becomes a unified system?

This project established a strategic foundation for building a unified ransomware dashboard by transforming fragmented, inconsistent threat data into a cohesive structure.


Through standardized data categorization and clear integration guidance, the work supported a more scalable approach to aggregating ransomware data. Mid-fidelity wireframes translated this structure into a user-centered interface, giving internal teams a clearer way to monitor and explore ransomware threats.