2020 was a record year for the number of ransomware attacks on CI
Cybersecurity in Action, Research & Education (CARE), a social science approach to cybersecurity that fosters interdisciplinary dialogue between academics, industry and law enforcement, has released a new version of its critical infrastructure (CI) incident registry related to ransomware attacks .
CARE began maintaining the Critical Infrastructures Ransomware Attacks (CIRWA) registry in September 2019. It is based on publicly disclosed incidents in the media and security notices. The new (tenth) version of the registry contains 651 records of cyber attacks on critical infrastructure using ransomware for the period from November 2013 to July 2020.
According to the registry, most incidents involving the Maze ransomware were uncovered during this period. It is followed in descending order by WannaCry, Ryuk, Sodinokibi (Revil), Samsam, DoppelPaymer, NetWalker, BitPaymer, CryptoLocker and CryptoWall. Most of the cyberattacks lasted for a week, and the ransom amount most often amounted to about $ 50 thousand.
Most of the disclosed cyberattacks were carried out on government agencies. This is followed by medical and educational institutions, emergency response services, industrial facilities, information technology, communications, transport systems, commercial enterprises, the electricity sector, financial services, food and agricultural industries.
Most cyber attacks on critical infrastructure using ransomware were uncovered in 2020 - 209. This is 9 more than a year earlier. In 2018, 68 incidents were disclosed, in 2017 - 83, in 2016 - 77, in 2015 - 9, in 2014 - 6, and in 2013 - only 2.