
Critical Infrastructure Ransomware Attacks

In September 2019, we started a dataset of Critical Infrastructures Ransomware Attacks (CIRWAs). These are based on publicly disclosed incidents in the media or security reports. This dataset (version 11.2) now has 980 records assembled from publicly disclosed incidents between November 2013 and June 2021, and has been mapped to the MITRE ATT&CK Framework. This is a FREE resource that you can request.

We are trying our best to keep this dataset free and accessible to the community. This dataset can be used for educational/training purposes, conducting your own analysis/threat intel, sharing with stakeholders, etc. Please do NOT use/share this dataset to develop commercial products, services, or software that others have to pay for!

Our dataset was featured in Security Week, SentinelOne, Bleeping Computer, Dark Reading, the Washington Post, Bloomberg, USA Today, Institute for New Economic Thinking, The Dallas Morning News, Business Insider, California News Times, and eSecurity Planet!

We have partnered with SentinelOne to develop a data-driven ransomware incident response playbook. Learn more here.

Want to submit a CIRWA? Your contribution, if relevant, will be added to this dataset!

Summary Findings (2013-2021)
Most targeted CI: Government facilities
Most common RW strain: Maze
Most typical duration of RWAs: 1 week or less
Most typical ransom amount demanded: USD 50,000 or less

Download the 1-page summary

Who has requested our repository?

We have had download requests from industry, researchers, faculty, and undergraduate and graduate students.
