Press "Enter" to skip to content

Critical Infrastructure Ransomware Attacks

In September 2019, we started a dataset of Critical Infrastructures Ransomware Attacks (CIRWAs). These are based on publicly disclosed incidents in the media or security reports. This dataset (version 11.6) now has 1,066 records assembled from publicly disclosed incidents between November 2013 and October 31, 2021, and has been mapped to the MITRE ATT&CK Framework. This is a FREE resource that you can request.

We are trying our best to keep this dataset free and accessible to the community. This dataset can be used for educational/training purposes, conducting your own analysis/threat intel, sharing with stakeholders, etc. Please do NOT use/share this dataset to develop commercial products/services/software that others have to pay for!

If you do use the dataset for any analysis, publication, presentation, or any other dissemination, please cite this dataset in your reference list as:
Rege, A. (2021). “Critical Infrastructure Ransomware Incident Dataset”. Version 11.6. Temple University. Online at https://sites.temple.edu/care/ci-rw-attacks/. Funded by National Science Foundation CAREER Award #1453040. ORCID: 0000-0002-6396-1066.

Our dataset was featured in Security Week, BRINK, Security Magazine, SenteinelOne, Bleeping Computer, Dark Reading, the Washington Post, Bloomberg, USA Today, Institute for New Economic Thinking, The Dallas Morning News, Business Insider, California News Times, and eSecurity Planet!

We have partnered with SentinelOne to develop a data-driven ransomware incident response playbook. Learn more here.

Want to submit a CIRWA? Your contribution, if relevant, will be added to this dataset!

Summary Findings (2013-2021)
Most targeted CI: Government facilities
Most common RW strain: Maze
Most typical duration of RWAs: 1 week or less
Most typical ransom amount demanded: USD 50,000 or less

Download the 1-page summary

Who has requested our repository?

We have had download requests from government, industry, researchers, media, faculty, graduate and undergraduate students

var sc_project=12360776;
var sc_invisible=1;
var sc_security=”ddf74f40″;

Web Analytics