Tracking Ransomware: Temple University Database Reveals Critical Insights

Jan 9, 2025

In an ambitious project spanning a decade, Temple University in Philadelphia has diligently tracked ransomware attacks targeting critical infrastructure, providing invaluable insights into this pressing cybersecurity threat. Spearheaded by Professor Aunshul Rege and PhD candidate Rachel Bleiman, the Critical Infrastructure Ransomware Attacks (CIRA) database has meticulously documented 2,000 ransomware incidents since its inception in 2013. The rich dataset includes information such as the victim’s name, the date of the incident, the targeted sector, the responsible threat group, the duration of the attack, MITRE ATT&CK mapping, ransom demands, and payments made.

Persistent Targets for Ransomware

Over the years, certain sectors have emerged as consistent targets for ransomware attacks, demonstrating the persistent vulnerability of particular types of critical infrastructure. These sectors include government facilities, healthcare and public health institutions, and educational facilities. Each of these areas holds critical data and services, making them prime targets for cybercriminals seeking lucrative payouts. On the other hand, some sectors like nuclear reactors, materials and waste management, the defense industrial base, chemical plants, and water and wastewater facilities have experienced significantly fewer attacks. This disparity highlights varying levels of security measures and priorities across different sectors.

Rising Ransom Demands

One of the most significant findings from the CIRA database is the dramatic increase in ransom demands over time. The data reveals a troubling trend: incidents where more than $5 million was demanded rose sharply from 49 to 70 cases, while those with demands of $1 million increased from 45 to 71. Even the smaller demands, those under $1 million, have seen a marked increase. This escalation in ransom amounts underscores the growing audacity of cybercriminals and the heightened risk faced by targeted sectors. It also points to the urgent need for enhanced security measures and more robust response strategies.

Broad Utility of the CIRA Database

The CIRA database, accessible for free, has become an essential resource for a wide range of professionals. Among its users are researchers, cybersecurity experts, students, government entities, educators, and reporters. Security professionals use the data for various purposes, including research, training, education, incident response planning, trend analysis, and risk assessment. In government sectors, the database has proven instrumental in training personnel, identifying trends, assessing response efforts, developing strategies, and securing necessary funding to combat ransomware threats.

Future Enhancements and Global Expansion

Future plans for the CIRA project include enhancing its features and expanding its scope on a global scale. These updates aim to provide deeper insights into ransomware trends across different regions and sectors to inform more effective prevention and response strategies. By continually updating and refining the database, CIRA stands as an essential resource in the ongoing battle to protect critical infrastructure from malicious cyber actors.
