Researchers from Temple University have been tracking ransomware attacks on critical infrastructure all over the world.
A team of researchers at Temple University in Philadelphia has presented a project named CIRWA (repository of critical infrastructure ransomware attacks) that aims at tracking ransomware attacks on critical infrastructure worldwide.
The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. The maintainers of the project also mapped the attacks to the MITRE ATT&CK framework.
“In September 2019, we started a repository of Critical Infrastructures Ransomware Attacks (CIRWAs). These are based on publicly disclosed incidents in the media or security reports.” reads the project description. “This repository (version 10.2) now has 687 records assembled from publicly disclosed incidents between November 2013 and August 2020.”
Anyone can request access to the data by compiling this form.
For each ransomware attack, the researchers collected a broad range of information, including the targeted organization, data of the attack, the date when the attack started, location of the targeted organization, duration of the attack, the ransomware family, the ransom amount, the payment method, industry, whether the amount was paid, and the source of the information.
According to the summary findings related to the period 2013-2020, the most targeted critical infrastructures are government facilities, followed by education and healthcare. The threat actor most active against critical infrastructure are the Maze ransomware operators, while the typical duration of a ransomware attack is of 1 week or less, and the most commonly demanded ransom amount is $50,000 or less.
Exerts pointed out that there are 13 known incidents where the ransomware operators demanded more than $5 million.
Data collected by the researchers are very interesting and very useful for future research projects on the security of the critical infrastructure.
The researchers highlighted the importance of the contribution from the security community, anyone could submit info related to attacks to CIRWA using this form.
(SecurityAffairs – hacking, ransomware)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
Researchers from Temple University have been tracking ransomware attacks on critical infrastructure all over the world.
A team of researchers at Temple University in Philadelphia has presented a project named CIRWA (repository of critical infrastructure ransomware attacks) that aims at tracking ransomware attacks on critical infrastructure worldwide.
The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. The maintainers of the project also mapped the attacks to the MITRE ATT&CK framework.
“In September 2019, we started a repository of Critical Infrastructures Ransomware Attacks (CIRWAs). These are based on publicly disclosed incidents in the media or security reports.” reads the project description. “This repository (version 10.2) now has 687 records assembled from publicly disclosed incidents between November 2013 and August 2020.”
Anyone can request access to the data by compiling this form.
For each ransomware attack, the researchers collected a broad range of information, including the targeted organization, data of the attack, the date when the attack started, location of the targeted organization, duration of the attack, the ransomware family, the ransom amount, the payment method, industry, whether the amount was paid, and the source of the information.
According to the summary findings related to the period 2013-2020, the most targeted critical infrastructures are government facilities, followed by education and healthcare. The threat actor most active against critical infrastructure are the Maze ransomware operators, while the typical duration of a ransomware attack is of 1 week or less, and the most commonly demanded ransom amount is $50,000 or less.
Exerts pointed out that there are 13 known incidents where the ransomware operators demanded more than $5 million.
Data collected by the researchers are very interesting and very useful for future research projects on the security of the critical infrastructure.
The researchers highlighted the importance of the contribution from the security community, anyone could submit info related to attacks to CIRWA using this form.
(SecurityAffairs – hacking, ransomware)