Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CIRWA Project tracks ransomware attacks on critical infrastructure

Researchers from Temple University have been tracking ransomware attacks on critical infrastructure all over the world. A team of researchers at Temple University in Philadelphia has presented a project named CIRWA (repository of critical infrastructure ransomware attacks) that aims at tracking ransomware attacks on critical infrastructure worldwide. The project was launched in September 2019 and […]

critical infrastructure ransowmare attacks

Researchers from Temple University have been tracking ransomware attacks on critical infrastructure all over the world.

A team of researchers at Temple University in Philadelphia has presented a project named CIRWA (repository of critical infrastructure ransomware attacks) that aims at tracking ransomware attacks on critical infrastructure worldwide.

The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. The maintainers of the project also mapped the attacks to the MITRE ATT&CK framework.

“In September 2019, we started a repository of Critical Infrastructures Ransomware Attacks (CIRWAs). These are based on publicly disclosed incidents in the media or security reports.” reads the project description. “This repository (version 10.2) now has 687 records assembled from publicly disclosed incidents between November 2013 and August 2020.”

Anyone can request access to the data by compiling this form.

For each ransomware attack, the researchers collected a broad range of information, including the targeted organization, data of the attack, the date when the attack started, location of the targeted organization, duration of the attack, the ransomware family, the ransom amount, the payment method, industry, whether the amount was paid, and the source of the information.

According to the summary findings related to the period 2013-2020, the most targeted critical infrastructures are government facilities, followed by education and healthcare. The threat actor most active against critical infrastructure are the Maze ransomware operators, while the typical duration of a ransomware attack is of 1 week or less, and the most commonly demanded ransom amount is $50,000 or less.

Exerts pointed out that there are 13 known incidents where the ransomware operators demanded more than $5 million.

critical infrastructure ransowmare attacks

Data collected by the researchers are very interesting and very useful for future research projects on the security of the critical infrastructure.

The researchers highlighted the importance of the contribution from the security community, anyone could submit info related to attacks to CIRWA using this form.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]