{"id":1407,"date":"2020-07-17T16:54:32","date_gmt":"2020-07-17T20:54:32","guid":{"rendered":"https:\/\/sites.temple.edu\/care\/?page_id=1407"},"modified":"2026-01-26T09:40:00","modified_gmt":"2026-01-26T14:40:00","slug":"cira","status":"publish","type":"page","link":"https:\/\/sites.temple.edu\/care\/cira\/","title":{"rendered":"Critical Infrastructure Ransomware Attacks (CIRA)"},"content":{"rendered":"

In September 2019, we started a dataset of Critical Infrastructures Ransomware Attacks (CIRAs). These are based on publicly disclosed incidents in the media or security reports. This dataset (version 12.16)<\/strong> now has 2,291 <\/strong>records assembled from publicly disclosed incidents between November 2013 <\/strong>and December 31, 2025, <\/strong>and has been mapped to the MITRE ATT&CK Framework<\/a>. To date, we have fulfilled 1,806 requests<\/em><\/span>. Some publicly known uses of the dataset can be found in research papers and reports<\/a>.<\/p>\n

If you use the dataset, in whole or in part, for any analysis, publication, presentation, or any other dissemination (including social media), you agree to cite this dataset in your reference list as:
\nRege, A. (2026). “Critical Infrastructure Ransomware Attacks (CIRA) Dataset”. Version 12.16. Temple University. Online at https:\/\/sites.temple.edu\/care\/cira\/. ORCID: 0000-0002-6396-1066.<\/em><\/p>\n

PLEASE NOTE THE FOLLOWING:<\/span><\/strong><\/p>\n

    \n
  1. We do NOT send the dataset to a personal email (gmail, protonmail, hotmail, etc.). We will not respond to requests coming from these email addresses.<\/span><\/li>\n
  2. Allow 2-4 weeks for us to respond to your request.<\/span><\/li>\n
  3. This dataset is free and accessible to the community. It can be used for educational\/training purposes, conducting your own analysis\/threat intel, sharing with stakeholders, etc. This limited license for the use of the dataset does not include commercial or for-profit purposes. Please do NOT use\/share this dataset to develop commercial products\/services\/software that others have to pay for!<\/span><\/strong><\/li>\n
  4. By using this dataset you agree that all copyright and\/or other proprietary notices on these materials must be kept intact and may not be removed<\/strong>.<\/span><\/li>\n<\/ol>\n

    Download the dataset here<\/u><\/b><\/span><\/a><\/p>\n

    Want to submit a CIRA<\/a>? We may have missed a CIRA incident and your contribution, if relevant, will be added to this dataset!<\/p>\n

    Our dataset has been featured in Security Week (2025)<\/a>, Security Week (2022)<\/a>, Security Week (2020)<\/a>,\u00a0Gartner<\/a>, BRINK<\/a>, Security Magazine<\/a>, SentinelOne<\/a>, Bleeping Computer<\/a>, Dark Reading<\/a>, Cyber Peace Institute<\/a>, the Washington Post<\/a>, Bloomberg<\/a>, USA Today<\/a>, Institute for New Economic Thinking<\/a>, The Dallas Morning News<\/a>, Business Insider<\/a>, California News Times<\/a>, Financial Times<\/a>, CIO Dive<\/a>, and eSecurity Planet<\/a>!<\/p>\n

    To learn how we developed the CIRA dataset in greater detail, you can read our paper: Rege, A. & Bleiman, R.(2022) . \u201cA Free and Community-driven Critical Infrastructure Ransomware Dataset\u201d. Proceedings from the IEEE Cyber Science Conference.<\/em><\/p>\n

    Other ransomware datasets<\/strong><\/p>\n

    Ransomware.live<\/a>
    \n    Comparitech’s Map of worldwide ransomware attacks (updated daily)<\/a><\/p>\n

    Check out these fantastic resources for ICS security<\/a>.<\/p>\n

     <\/p>\n

    <\/p>\n

    var sc_project=12360776;
    \nvar sc_invisible=1;
    \nvar sc_security=”ddf74f40″; <\/span><\/p>\n

    \"Web<\/a><\/div>\n

    <\/p>\n","protected":false},"excerpt":{"rendered":"

    In September 2019, we started a dataset of Critical Infrastructures Ransomware Attacks (CIRAs). These are based on publicly disclosed incidents in the media or security…<\/p>\n

    Continue readingCritical Infrastructure Ransomware Attacks (CIRA)<\/span><\/a><\/div>\n","protected":false},"author":2224,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"templates\/full-width.php","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-1407","page","type-page","status-publish","hentry","entry"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/sites.temple.edu\/care\/wp-json\/wp\/v2\/pages\/1407","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sites.temple.edu\/care\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.temple.edu\/care\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.temple.edu\/care\/wp-json\/wp\/v2\/users\/2224"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.temple.edu\/care\/wp-json\/wp\/v2\/comments?post=1407"}],"version-history":[{"count":81,"href":"https:\/\/sites.temple.edu\/care\/wp-json\/wp\/v2\/pages\/1407\/revisions"}],"predecessor-version":[{"id":4123,"href":"https:\/\/sites.temple.edu\/care\/wp-json\/wp\/v2\/pages\/1407\/revisions\/4123"}],"wp:attachment":[{"href":"https:\/\/sites.temple.edu\/care\/wp-json\/wp\/v2\/media?parent=1407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}