Ransomware and cyber security attacks are some of the largest risks for companies and government agencies these days. With more and more information and data being accessible online, the prevalence and severity of ransomware continues to grow. While there are some articles addressing certain ransomware types and specific events, there remains a lack of a centralized data repository to provide a more global picture of the issues related to these risks.
Another issue with ransomware is that many targeted companies do not publicize information about ransomware attacks because they are concerned knowledge of past attacks may attract more attention from other bad actors and/or because of possible reputational damage. This exacerbates the problem of accessing valuable data on the quantity and severity of ransomware attacks.
However, there are ways to gather some information in this area if your Modeling the Future Challenge team is interested in this topic. Here are a few groups that study and track information on ransomware and cyber-security attacks.
- Verizon: http://veriscommunity.net/vcdb.html
- S. Department of Health and Human Services: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- Privacy Rights Clearinghouse https://www.privacyrights.org
- Ponemon Institute https://www.ponemon.org
- Advisen https://www.advisenltd.com/data/cyber-loss-data/
- Cyentia https://www.cyentia.com/ransomware-p3-prevalence/
- Deter Project: https://deter-project.org/about_deter_project
- Impact Cyber Trust: https://www.impactcybertrust.org/search
- Palo Alto Networks Unit 42: https://unit42.paloaltonetworks.com/?search_field=ransomware
For your MTFC project, if there are cases where you cannot find full datasets on the topic you’re researching, you may be able to find background information that you can use to make logical assumptions to provide you with enough information to model the risks and recommendations. Before giving up on a topic where it seems hard to find full datasets, explore what knowledge you can find and think about what assumptions you would need to make to create a mathematical model that helps you identify future risks and make recommendations on managing them. Making assumptions is okay, so long as you have valid research backing the assumptions and they are based in logical reasoning.