A team at Temple University in Philadelphia has been tracking worldwide ransomware attacks on critical infrastructure, and anyone can request access to the data.
Work on this project, described as a repository of critical infrastructure ransomware attacks (CIRWA), started in September 2019. As of August 2020, the database includes over 680 records of ransomware attacks documented since November 2013.
The repository, offered for free as a Microsoft Excel file, stores information on incidents described by the media and cybersecurity companies.
The information includes the name of the targeted organization, the year the attack was launched, the date when the attack started, location of the targeted organization, the targeted sector, duration of the attack, the ransomware family that was used, the ransom amount, the payment method, whether the amount was paid, how much was paid, the source of the information, and related incidents. Based on the type of ransomware that was used, there are also links to the MITRE ATT&CK framework.
An analysis of the data currently shows that government facilities were the most targeted type of critical infrastructure — followed at a distance by education and healthcare — and Maze was the most common ransomware strain. It’s worth noting that the project tracks incidents affecting critical infrastructure as defined by the U.S. Department of Homeland Security.
The most commonly observed duration of a ransomware attack is one week or less, and the most commonly demanded ransom amount is $50,000 or less, but there are 13 known incidents where the attackers demanded more than $5 million.
Ransom ..
Support the originator by clicking the read the rest link below.
