Ransomware

Historically, research organizations have been largely ignored by cybercriminals since they do not typically have data that is easily sold or otherwise monetized. Unfortunately, since ransomware works by extorting payments from victims to get their own data back, research organizations are no longer immune to being targeted by criminals. Trusted CI is committed to motivating research organizations to prevent future negative impacts to their research mission.

Ransomware lessons learned:

• Research at Risk: Ransomware attack on Physics and Astronomy Case Study - In this paper, we examine a ransomware attack on one research organization, the Physics and Astronomy department at Michigan State University, the impact on that research organization—measured in lost years of research—and lessons learned that other research organizations can apply to protect themselves.

  • This report was also presented as a webinar. (Video)(Slides)

Technical landscape

• The Technical Landscape of Ransomware: Threat Models and Defense Models - In this 2023 report, we present the broad landscape of how ransomware can affect a computer system and suggest how the system designer and operator might prepare to recover from such an attack.

  • This report was also presented as a webinar. (Video)(Slides)

Best practices:

• REN-ISAC Ransomware Best Practices

• CISA Ransomware Guidance and Resources

• NIST Ransomware Protection and Response

Blog posts

Trusted CI Blog posts featuring ransomware.

Webinars