Critical Infrastructure Ransomware Tracker Surpasses 2,000 Attacks

Published on January 7, 2025

A decade of data compiled by Temple University’s Critical Infrastructure Ransomware Attacks (CIRA) project reveals over 2,000 ransomware attacks targeting critical infrastructure worldwide since 2013.  

Overseen by Professor Aunshul Rege and PhD candidate Rachel Bleiman, the database highlights increasing threats to sectors such as government, healthcare, and education, while nuclear and defense sectors remain less targeted.

The CIRA dataset, enriched with details like attacker groups, ransom amounts, and incident durations, reveals a sharp rise in ransom demands.  

For example, demands exceeding $5 million increased from 49 to 70 cases, while $1 million demands rose from 45 to 71. “More than USD 5 million went up from a frequency count of 49 to 70,” Rege and Bleiman noted, underlining the escalating stakes for victims.

Accessible to researchers, government agencies, and educators, the database supports cybersecurity training, threat analysis, and incident response planning. It has been cited in numerous studies and policy developments, aiding efforts to assess and mitigate ransomware risks.

Future enhancements aim to deepen global incident coverage and refine extortion phase data. Rege envisions a community-driven OSINT challenge to expand the dataset, remarking, “This event would make the CIRA dataset truly community-driven and a fun event/challenge,” SecurityWeek reports.

Takeaway: The US government is struggling to counter the relentless wave of ransomware attacks targeting critical infrastructure. While there have been occasional arrests and sanctions against ransomware operators, the overall impact on stopping these attacks has been minimal.  

The challenge lies in pinpointing who is truly behind them, especially when some ransomware groups appear to have support from rogue nations. Even when operations are disrupted, new attackers quickly fill the void, making it feel like an endless game of whack-a-mole.

What’s worse, ransomware has evolved from being a minor nuisance to a multi-billion-dollar industry. With the rise of ransomware-as-a-service (RaaS) platforms, it’s now easier than ever for cybercriminals to launch attacks.  

RaaS platforms provide tools that automate attack sequences, making it relatively simple for less skilled attackers to conduct ransomware operations. This shift has dramatically increased the frequency and scale of attacks, turning critical sectors like healthcare, energy, and defense into high-priority targets.

The situation is especially alarming for Linux systems, which power the majority of web servers, cloud environments, and key government and military networks. Despite their importance, Linux environments often don’t get the same level of security attention as Windows systems, leaving them vulnerable.  

Attackers take advantage of outdated software, weak configurations, and exposed ports to move through networks, steal data, and encrypt critical files. When ransomware hits Linux-based virtualized or cloud systems, the damage is widespread, disrupting entire operations and leading to enormous financial losses.

This growing threat demands a shift in how ransomware is addressed, recognizing it not just as cybercrime but as a serious national security issue.

 

