In September 2019, we started a dataset of Critical Infrastructures Ransomware Attacks (CIRWAs). These are based on publicly disclosed incidents in the media or security reports. This dataset (version 11.6) now has 1,066 records assembled from publicly disclosed incidents between November 2013 and October 31, 2021, and has been mapped to the MITRE ATT&CK Framework. This is a FREE resource that you can request.
We are trying our best to keep this dataset free and accessible to the community. This dataset can be used for educational/training purposes, conducting your own analysis/threat intel, sharing with stakeholders, etc. Please do NOT use/share this dataset to develop commercial products/services/software that others have to pay for!
If you do use the dataset for any analysis, publication, presentation, or any other dissemination, please cite this dataset in your reference list as:
Rege, A. (2021). “Critical Infrastructure Ransomware Incident Dataset”. Version 11.6. Temple University. Online at https://sites.temple.edu/care/ci-rw-attacks/. Funded by National Science Foundation CAREER Award #1453040. ORCID: 0000-0002-6396-1066.
Our dataset was featured in Security Week, BRINK, Security Magazine, SenteinelOne, Bleeping Computer, Dark Reading, the Washington Post, Bloomberg, USA Today, Institute for New Economic Thinking, The Dallas Morning News, Business Insider, California News Times, and eSecurity Planet!
We have partnered with SentinelOne to develop a data-driven ransomware incident response playbook. Learn more here.
Want to submit a CIRWA? Your contribution, if relevant, will be added to this dataset!
| Summary Findings (2013-2021) Most targeted CI: Government facilities Most common RW strain: Maze Most typical duration of RWAs: 1 week or less Most typical ransom amount demanded: USD 50,000 or less Download the 1-page summary
|
Who has requested our repository?
We have had download requests from government, industry, researchers, media, faculty, graduate and undergraduate students
|
var sc_project=12360776;
var sc_invisible=1;
var sc_security=”ddf74f40″;