Press "Enter" to skip to content

Critical Infrastructure Ransomware Attacks

In September 2019, we started a dataset of Critical Infrastructures Ransomware Attacks (CIRWAs). These are based on publicly disclosed incidents in the media or security reports. This dataset (version 10.9) now has 907 records assembled from publicly disclosed incidents between November 2013 and March 2021, and has been mapped to the MITRE ATT&CK Framework. This is a FREE resource that you can request.

Our dataset was featured in Security Week, Bleeping Computer, and Dark Reading!

We have partnered with SentinelOne to develop a data-driven ransomware incident response playbook. Learn more here.

Want to submit a CIRWA? Your contribution, if relevant, will be added to this dataset!

Summary Findings (2013-2021)
Most targeted CI: Government facilities
Most common RW strain: Maze
Most typical duration of RWAs: 1 week or less
Most typical ransom amount demanded: USD 50,000 or less
Download the 1-page summary

Who has requested our repository?

We have had download requests from industry, researchers, faculty, undergraduate and graduate students

var sc_project=12360776;
var sc_invisible=1;
var sc_security=”ddf74f40″;

Web Analytics