100+ datasets found
  1. Number of malware attacks per year 2015-2023

    • statista.com
    Updated Nov 28, 2025
    Statista (2025). Number of malware attacks per year 2015-2023 [Dataset]. https://www.statista.com/statistics/873097/malware-attacks-per-year-worldwide/
    Dataset updated
    Nov 28, 2025
    Dataset authored and provided by
    Statista (http://statista.com/)
    Area covered
    Worldwide
    Description

    In 2023, the worldwide number of malware attacks reached 6.06 billion, an increase of 10 percent compared to the preceding year. In recent years, the highest number of malware attacks was detected in 2018, when 10.5 billion such attacks were reported across the globe.

    Malware attacks worldwide

    In 2022, worm malware was blocked over 205 million times. Another common malware type during that period, Emotet, primarily targeted the Asia-Pacific region. Overall, websites are the most common vector for malware attacks and recent industry data found that malware attacks were frequently received via exe files.

    Most targeted industries

    In 2022, the education sector was heavily targeted by malware, encountering 2,314 weekly attacks on average. Government and military organizations ranked second, followed by the healthcare units. Overall, in 2022, the education sector saw over five million malware attacks in the examined year.

  2. Cyber Threat Data for New Malware Attacks

    • kaggle.com
    zip
    Updated Aug 8, 2023
    Zunxhi Samniea (2023). Cyber Threat Data for New Malware Attacks [Dataset]. https://www.kaggle.com/datasets/zunxhisamniea/cyber-threat-data-for-new-malware-attacks
    Available download formats: zip (1814 bytes)
    Dataset updated
    Aug 8, 2023
    Authors
    Zunxhi Samniea
    Description

    Title: Network Traffic Analysis Dataset for Cybersecurity

    Description: This dataset contains network traffic data that simulates various types of communication between network entities, specifically focusing on different protocols and potential security threats. The data includes information about packets exchanged between sender and receiver entities, their attributes, and associated attack types.

    Columns:

    • Protocol: The communication protocol used for the packet (e.g., TCP or UDP).
    • Flag: The flag associated with the packet (e.g., SYN, ACK, RST, FIN).
    • Packet: The type of packet exchanged (e.g., HTTP, DNS, SSH, FTP, NTP).
    • Sender ID: Unique identifier for the sender entity.
    • Receiver ID: Unique identifier for the receiver entity.
    • Source IP Address: IP address of the source entity.
    • Destination IP Address: IP address of the destination entity.
    • Source Port: Port number on the source entity.
    • Destination Port: Port number on the destination entity.
    • Packet Size: Size of the packet in bytes.
    • Target Variable: The potential security threat associated with the packet (e.g., Phishing, DoS, Man-in-the-Middle, DDoS, SQL Injection, Cross-Site Scripting, Ransomware, Password Attacks, Zero-Day Exploits).

    Intended Use: This dataset is intended for use in cybersecurity research and analysis, particularly for the development and evaluation of intrusion detection systems, network anomaly detection algorithms, and predictive models for identifying potential security threats. It can also be utilized to explore patterns and relationships between different types of network traffic and associated attack vectors.

    Considerations:

    • Data Privacy: Ensure that any sensitive or personal information in the dataset is anonymized or masked to protect user privacy.
    • Data Preprocessing: Before using the dataset, perform preprocessing tasks such as handling missing values, standardizing column names, and encoding categorical variables.
    • Feature Engineering: Depending on the analysis goals, additional features may be engineered from the available attributes to enhance model performance.
    • Data Splitting: Divide the dataset into training, validation, and testing subsets for model development and evaluation.
    • Documentation: Provide clear documentation detailing the dataset's origin, structure, and any preprocessing steps applied.

    By providing this dataset on Kaggle, researchers and data scientists interested in the field of cybersecurity can access a controlled simulation of network traffic to explore and develop solutions for detecting and mitigating potential security threats.

  3. Businesses worldwide affected by ransomware 2018-2025

    • statista.com
    Updated Apr 15, 2025
    Statista (2025). Businesses worldwide affected by ransomware 2018-2025 [Dataset]. https://www.statista.com/statistics/204457/businesses-ransomware-attack-rate/
    Dataset updated
    Apr 15, 2025
    Dataset authored and provided by
    Statista (http://statista.com/)
    Area covered
    Worldwide
    Description

    As of 2025, nearly 63 percent of businesses worldwide were affected by ransomware attacks. This figure represents a decrease on the previous year and was by far the lowest figure reported since 2020. Overall, since 2018, more than half of the total survey respondents each year stated that their organizations had been victimized by ransomware.

    Most targeted industries

    In 2024, the critical manufacturing industry in the United States was once again most targeted by ransomware attacks. Overall, organizations in this industry experienced 258 cyberattacks in the measured year. Healthcare and the public health sector ranked second, followed by government facilities, with 238 and 220 cyberattacks, respectively.

    Ransomware in the manufacturing industry

    The manufacturing industry, along with its subindustries, is constantly targeted by ransomware attacks, causing data loss, business disruptions, and reputational damage. Often, such cyberattacks are international and have a political intent. In 2024, exploited vulnerabilities were the leading cause of ransomware attacks in the manufacturing industry.

  4. Origin of ransomware attacks global 2025

    • statista.com
    Updated Jun 15, 2025
    Statista (2025). Origin of ransomware attacks global 2025 [Dataset]. https://www.statista.com/statistics/1410445/cause-ransomware-attacks-global/
    Dataset updated
    Jun 15, 2025
    Dataset authored and provided by
    Statista (http://statista.com/)
    Time period covered
    Jan 2025 - Mar 2025
    Area covered
    Worldwide
    Description

    A 2025 survey of cybersecurity professionals of organizations worldwide revealed that 32 percent of the organizations suffered ransomware attacks due to exploited vulnerabilities. Compromised credentials were the second-most common cause of successful ransomware attacks, while malicious e-mail ranked third.

  5. AI Cyber Attacks Statistics 2025: How Attacks, Deepfakes & Ransomware Have...

    • sqmagazine.co.uk
    Updated Oct 7, 2025
    SQ Magazine (2025). AI Cyber Attacks Statistics 2025: How Attacks, Deepfakes & Ransomware Have Escalated [Dataset]. https://sqmagazine.co.uk/ai-cyber-attacks-statistics/
    Dataset updated
    Oct 7, 2025
    Dataset authored and provided by
    SQ Magazine
    License

    https://sqmagazine.co.uk/privacy-policy/

    Time period covered
    Jan 1, 2024 - Dec 31, 2025
    Area covered
    Global
    Description

    In January 2025, a small fintech startup in Austin discovered it had fallen victim to a cyberattack. At first glance, the breach looked like a typical case of credential stuffing. But it wasn’t. The attacker had used an AI-driven system that mimicked the behavioral patterns of employees, learning login habits,...

  6. Healthcare Ransomware Dataset

    • kaggle.com
    zip
    Updated Feb 21, 2025
    River | Datasets for SQL Practice (2025). Healthcare Ransomware Dataset [Dataset]. https://www.kaggle.com/datasets/rivalytics/healthcare-ransomware-dataset
    Available download formats: zip (221852 bytes)
    Dataset updated
    Feb 21, 2025
    Authors
    River | Datasets for SQL Practice
    License

    Attribution-ShareAlike 4.0 (CC BY-SA 4.0) (https://creativecommons.org/licenses/by-sa/4.0/)
    License information was derived automatically

    Description

    📌 Context of the Dataset

    The Healthcare Ransomware Dataset was created to simulate real-world cyberattacks in the healthcare industry. Hospitals, clinics, and research labs have become prime targets for ransomware due to their reliance on real-time patient data and legacy IT infrastructure. This dataset provides insight into attack patterns, recovery times, and cybersecurity practices across different healthcare organizations.

    Why is this important?

    Ransomware attacks on healthcare organizations can shut down entire hospitals, delay treatments, and put lives at risk. Understanding how different healthcare organizations respond to attacks can help develop better security strategies. The dataset allows cybersecurity analysts, data scientists, and researchers to study patterns in ransomware incidents and explore predictive modeling for risk mitigation.

    📌 Sources and Research Inspiration

    This simulated dataset was inspired by real-world cybersecurity reports and built using insights from official sources, including:

    1️⃣ IBM Cost of a Data Breach Report (2024)

    The healthcare sector had the highest average cost of data breaches ($10.93 million per incident). On average, organizations recovered only 64.8% of their data after paying ransom. Healthcare breaches took 277 days on average to detect and contain.

    2️⃣ Sophos State of Ransomware in Healthcare (2024)

    67% of healthcare organizations were hit by ransomware in 2024, an increase from 60% in 2023. 66% of backup compromise attempts succeeded, making data recovery significantly more difficult. The most common attack vectors included exploited vulnerabilities (34%) and compromised credentials (34%).

    3️⃣ Health & Human Services (HHS) Cybersecurity Reports

    Ransomware incidents in healthcare have doubled since 2016. Organizations that fail to monitor threats frequently experience higher infection rates.

    4️⃣ Cybersecurity & Infrastructure Security Agency (CISA) Alerts

    Identified phishing, unpatched software, and exposed RDP ports as top ransomware entry points. Only 13% of healthcare organizations monitor cyber threats more than once per day, increasing the risk of undetected attacks.

    5️⃣ Emsisoft 2020 Report on Ransomware in Healthcare

    The number of ransomware attacks in healthcare increased by 278% between 2018 and 2023. 560 healthcare facilities were affected in a single year, disrupting patient care and emergency services.

    📌 Why is This a Simulated Dataset?

    This dataset does not contain real patient data or actual ransomware cases. Instead, it was built using probabilistic modeling and structured randomness based on industry benchmarks and cybersecurity reports.

    How It Was Created:

    1️⃣ Defining the Dataset Structure

    The dataset was designed to simulate realistic attack patterns in healthcare, using actual ransomware case studies as inspiration.

    Columns were selected based on what real-world cybersecurity teams track, such as:

    • Attack methods (phishing, RDP exploits, credential theft).
    • Infection rates, recovery time, and backup compromise rates.
    • Organization type (hospitals, clinics, research labs) and monitoring frequency.

    2️⃣ Generating Realistic Data Using ChatGPT & Python

    ChatGPT assisted in defining relationships between attack factors, ensuring that key cybersecurity concepts were accurately reflected. Python’s NumPy and Pandas libraries were used to introduce randomized attack simulations based on real-world statistics. Data was validated against industry research to ensure it aligns with actual ransomware attack trends.

    3️⃣ Ensuring Logical Relationships Between Data Points

    Hospitals take longer to recover due to larger infrastructure and compliance requirements. Organizations that track more cyber threats recover faster because they detect attacks earlier. Backup security significantly impacts recovery time, reflecting the real-world risk of backup encryption attacks.

  7. 🌐 Global Cybersecurity Threats (2015-2024)

    • kaggle.com
    zip
    Updated Mar 16, 2025
    Atharva Soundankar (2025). 🌐 Global Cybersecurity Threats (2015-2024) [Dataset]. https://www.kaggle.com/datasets/atharvasoundankar/global-cybersecurity-threats-2015-2024
    Available download formats: zip (48178 bytes)
    Dataset updated
    Mar 16, 2025
    Authors
    Atharva Soundankar
    License

    https://creativecommons.org/publicdomain/zero/1.0/

    Description

    📂

    The Global Cybersecurity Threats Dataset (2015-2024) provides extensive data on cyberattacks, malware types, targeted industries, and affected countries. It is designed for threat intelligence analysis, cybersecurity trend forecasting, and machine learning model development to enhance global digital security.

    📊 Column Descriptions

    | Column Name | Description |
    |---|---|
    | Country | Country where the attack occurred |
    | Year | Year of the incident |
    | Threat Type | Type of cybersecurity threat (e.g., Malware, DDoS) |
    | Attack Vector | Method of attack (e.g., Phishing, SQL Injection) |
    | Affected Industry | Industry targeted (e.g., Finance, Healthcare) |
    | Data Breached (GB) | Volume of data compromised |
    | Financial Impact ($M) | Estimated financial loss in millions |
    | Severity Level | Low, Medium, High, Critical |
    | Response Time (Hours) | Time taken to mitigate the attack |
    | Mitigation Strategy | Countermeasures taken |

  8. Global malware attack vectors 2018-2024

    • statista.com
    Updated Sep 8, 2025
    Statista (2025). Global malware attack vectors 2018-2024 [Dataset]. https://www.statista.com/statistics/1238997/malware-attacks-vectors/
    Dataset updated
    Sep 8, 2025
    Dataset authored and provided by
    Statista (http://statista.com/)
    Area covered
    Worldwide
    Description

    Between 2018 and 2024, the share of global malware attacks that occurred via e-mail increased from ** to ** percent. The percentage of web attacks has decreased, going from ** percent in 2018 to ** percent in 2024.

  9. Ransomware Statistics 2025: Attacks, Costs & Prevention Tools

    • sqmagazine.co.uk
    Updated Oct 7, 2025
    SQ Magazine (2025). Ransomware Statistics 2025: Attacks, Costs & Prevention Tools [Dataset]. https://sqmagazine.co.uk/ransomware-statistics/
    Dataset updated
    Oct 7, 2025
    Dataset authored and provided by
    SQ Magazine
    License

    https://sqmagazine.co.uk/privacy-policy/

    Time period covered
    Jan 1, 2024 - Dec 31, 2025
    Area covered
    Global
    Description

    In March 2025, a small logistics company in Ohio lost access to every operational file it had overnight. Trucks sat idle, routes scrambled, and customer data vanished into encryption. The attackers demanded payment in Bitcoin, $210,000, to unlock the systems. The company paid. What happened next? The decryptor didn’t work....

  10. Cybersecurity Incidents in India (2020–2024)

    • kaggle.com
    zip
    Updated Apr 22, 2025
    Agile Yaswanth Sai Simha Reddy (2025). Cybersecurity Incidents in India (2020–2024) [Dataset]. https://www.kaggle.com/datasets/saisimha203/cybersecurity-cases-india
    Available download formats: zip (11210 bytes)
    Dataset updated
    Apr 22, 2025
    Authors
    Agile Yaswanth Sai Simha Reddy
    License

    https://creativecommons.org/publicdomain/zero/1.0/

    Area covered
    India
    Description

    The dataset "Cybersecurity Cases in India" is a comprehensive collection of real-world cybersecurity incidents reported across various cities in India. The dataset encapsulates the financial loss, incident types, and categories, providing a detailed overview of the cybercrime landscape in one of the world’s largest digital economies. With over 1000 records, it spans incidents from 2020 to 2024, covering various types of cybercrimes such as phishing, online fraud, malware attacks, ransomware, data breaches, DDoS attacks, identity theft, and more. Each record captures important attributes of the incidents, such as the year, date of occurrence, amount lost in INR, the type of incident, the city in which it occurred, and the category of the affected entity (e.g., financial, personal, corporate).

    The dataset is structured to enable analysis of the trends in cybercrime over time, the financial impact of various cyberattacks, and the geographic distribution of incidents across Indian cities. It serves as a critical resource for cybersecurity professionals, policymakers, law enforcement agencies, and academic researchers seeking to understand the challenges posed by cybercrime in India and to identify strategies to combat these challenges.

    1. Dataset Purpose and Scope

    The dataset’s primary purpose is to provide an extensive, granular view of the nature and scope of cybersecurity incidents in India. It enables the analysis of the frequency, severity, and financial impact of cybercrimes across different types of attacks, cities, and time periods. As cybercrimes continue to rise globally, including in India, this dataset serves as an important tool for understanding the evolving threats and risks in cyberspace. Cybersecurity experts and analysts can leverage this dataset to identify patterns and trends, while government and law enforcement agencies can use it to devise more targeted interventions and preventive measures.

    India, with its large and growing digital footprint, is a prime target for cybercriminals. The country's rapidly expanding internet user base, coupled with increasing digital adoption in various sectors like finance, healthcare, education, and e-commerce, makes it an attractive target for cyberattacks. This dataset allows stakeholders to understand how cybercrime evolves in response to these dynamics.

    The dataset is a rich resource for understanding the following:

    • Incident Frequency: How often different types of cybercrimes are reported in various Indian cities.
    • Financial Impact: The monetary losses associated with each type of cybercrime.
    • Geographic Distribution: The prevalence of specific types of cybercrimes in particular cities or states.
    • Trend Analysis: How cybercrime has evolved over the years in terms of volume and impact.

    2. Dataset Structure and Variables

    The dataset includes the following key variables, each contributing valuable information to the analysis:

    • Year: The year in which the cybercrime incident occurred. This variable helps track the growth or decline of cybercrime incidents over time.
    • Date: The specific date of the cybercrime incident. This allows for time-series analysis of the data.
    • Amount_Lost_INR: The financial loss associated with the cybercrime incident, expressed in Indian Rupees (INR). This variable highlights the economic impact of each cyberattack and can be used to assess the severity of different incidents.
    • Incident_Type: The type of cybercrime incident. This can include phishing, online fraud, malware attacks, ransomware, data breaches, DDoS attacks, and identity theft. This variable is crucial for understanding which types of cybercrimes are most prevalent and how they differ in their impact.
    • City: The city where the incident occurred. This allows for the geographic analysis of cybercrime, helping to identify high-risk areas and cities where certain types of cyberattacks are more common.
    • Category: The category of the entity affected by the cybercrime, such as financial institutions, government bodies, corporations, educational institutions, or individuals. This variable provides insights into which sectors are more vulnerable to specific types of cyberattacks.

    3. Cybersecurity Threat Landscape in India

    India's digital transformation has made it a prime target for cybercriminals. As of 2023, India is one of the largest internet markets in the world, with over 600 million active internet users. The rapid growth of e-commerce, digital banking, social media, and government services has created new opportunities for cybercriminals to exploit vulnerabilities in digital systems. According to a 2022 report by the Indian Computer Emergency Response Team (CERT-In), India witnessed a significant increase in cybersecurity incidents, with millions of cyberattacks targeting individuals, b...

  11. All-time biggest ransomware attacks worldwide 2025

    • statista.com
    Updated Sep 5, 2023
    Statista (2023). All-time biggest ransomware attacks worldwide 2025 [Dataset]. https://www.statista.com/statistics/1410605/largest-ransomware-attacks-worldwide/
    Dataset updated
    Sep 5, 2023
    Dataset authored and provided by
    Statista (http://statista.com/)
    Time period covered
    Jul 2025
    Area covered
    Worldwide
    Description

    As of July 2025, the WannaCry ransomware attack launched in 2017 was the biggest attack by its impact. During this attack, cyber actors took over 250 thousand user accounts of Microsoft Windows. As a result of this attack, the company lost over four billion U.S. dollars. The latest of selected significant cyberattacks was the 2022 ransomware attack against Swisspost, in which 1.6 terabytes of data was stolen.

  12. Notable Ransomware Statistics And Facts (2025)

    • sci-tech-today.com
    Updated Jun 23, 2025
    Sci-Tech Today (2025). Notable Ransomware Statistics And Facts (2025) [Dataset]. https://www.sci-tech-today.com/stats/ransomware-statistics-updated/
    Dataset updated
    Jun 23, 2025
    Dataset authored and provided by
    Sci-Tech Today
    License

    https://www.sci-tech-today.com/privacy-policy

    Time period covered
    2022 - 2032
    Area covered
    Global
    Description

    Introduction

    Notable Ransomware Statistics: Even in the year 2024, ransomware is ranked among the most disruptive and expensive types of cybercrime. This is software that keeps people from accessing their gadgets until they pay an amount, and it keeps getting better with time while seeking out people or companies to pay.

    Data as of 2024 indicated that there was an upward trend in the prevalence and economic losses caused by ransomware attacks throughout the world. Some notable ransomware statistics to consider in the year 2024 have emerged.

  13. Cyber Security

    • kaggle.com
    zip
    Updated Jan 29, 2024
    Rishi Kumar (2024). Cyber Security [Dataset]. https://www.kaggle.com/datasets/rishikumarrajvansh/cyber-security
    Available download formats: zip (8913512 bytes)
    Dataset updated
    Jan 29, 2024
    Authors
    Rishi Kumar
    License

    Apache License, v2.0 (https://www.apache.org/licenses/LICENSE-2.0)
    License information was derived automatically

    Description

    Business Context: We are in a time where businesses are more digitally advanced than ever, and as technology improves, organizations’ security postures must be enhanced as well. Failure to do so could result in a costly data breach, as we’ve seen happen with many businesses. The cybercrime landscape has evolved, and threat actors are going after any type of organization, so in order to protect your business’s data, money and reputation, it is critical that you invest in an advanced security system. Cyber security can be described as the collective methods, technologies, and processes to help protect the confidentiality, integrity, and availability of computer systems, networks and data, against cyber-attacks or unauthorized access.

    a. Information Security vs. Cyber Security vs. Network Security:

    Information security (also known as InfoSec) ensures that both physical and digital data is protected from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. Information security differs from cyber security in that InfoSec aims to keep data in any form secure, whereas cyber security protects only digital data.

    Cyber security, a subset of information security, is the practice of defending your organization’s networks, computers and data from unauthorized digital access, attack or damage by implementing various processes, technologies and practices. With the countless sophisticated threat actors targeting all types of organizations, it is critical that your IT infrastructure is secured at all times to prevent a full-scale attack on your network and risk exposing your company’s data and reputation.

    Network security, a subset of cyber security, aims to protect any data that is being sent through devices in your network to ensure that the information is not changed or intercepted.

    The role of network security is to protect the organization’s IT infrastructure from all types of cyber threats including:

    • Viruses, worms and Trojan horses
    • Zero-day attacks
    • Hacker attacks
    • Denial of service attacks
    • Spyware and adware

    Your network security team implements the hardware and software necessary to guard your security architecture. With the proper network security in place, your system can detect emerging threats before they infiltrate your network and compromise your data. There are many components to a network security system that work together to improve your security posture. The most common network security components include:

    a. Firewalls
    b. Anti-virus software
    c. Intrusion detection and prevention systems (IDS/IPS)
    d. Virtual private networks (VPN)

    Network Intrusions vs. Computer intrusions vs. Cyber Attacks

    1. Computer Intrusions: Computer intrusions occur when someone tries to gain access to any part of your computer system. Computer intruders or hackers typically use automated computer programs when they try to compromise a computer’s security. There are several ways an intruder can try to gain access to your computer. They can:

    a. Access your computer to view, change, or delete information on your computer
    b. Crash or slow down your computer
    c. Access your private data by examining the files on your system
    d. Use your computer to access other computers on the Internet

    2. Network Intrusions: A network intrusion refers to any unauthorized activity on a digital network. Network intrusions often involve stealing valuable network resources and almost always jeopardize the security of networks and/or their data. In order to proactively detect and respond to network intrusions, organizations and their cyber security teams need to have a thorough understanding of how network intrusions work and implement network intrusion, detection, and response systems that are designed with attack techniques and cover-up methods in mind.

    Network Intrusion Attack Techniques: Given the amount of normal activity constantly taking place on digital networks, it can be very difficult to pinpoint anomalies that could indicate a network intrusion has occurred. Below are some of the most common network intrusion attack techniques that organizations should continually look for:

    Living Off the Land: Attackers increasingly use existing tools and processes and stolen credentials when compromising networks. These tools like operating system utilities, business productivity software and scripting languages are clearly not malware and have very legitimate usage as well. In fact, in most cases, the vast majority of the usage is business justified, allowing an attacker to blend in.

    Multi-Routing: If a network allows for asymmetric routing, attackers will often leverage multiple routes to access the targeted device or network. This allows them to avoid being detected by having a large portion of suspicious packets bypass certain network segments and any relevant network intrusion systems.

    Buffer Overwrit...

  14. Data from: Cyber Attack Evaluation Dataset for Deep Packet Inspection and...

    • data.mendeley.com
    Updated Oct 18, 2022
    Shishir Kumar Shandilya (2022). Cyber Attack Evaluation Dataset for Deep Packet Inspection and Analysis [Dataset]. http://doi.org/10.17632/3szjvt3w78.1
    Dataset updated
    Oct 18, 2022
    Authors
    Shishir Kumar Shandilya
    License

    Attribution 4.0 (CC BY 4.0) (https://creativecommons.org/licenses/by/4.0/)
    License information was derived automatically

    Description

    To determine the effectiveness of any defense mechanism, there is a need for comprehensive real-time network data that solely references various attack scenarios based on older software versions or unprotected ports, and so on. This presented dataset has entire network data at the time of several cyber attacks to enable experimentation on challenges based on implementing defense mechanisms on a larger scale. For collecting the data, we captured the network traffic of configured virtual machines using Wireshark and tcpdump. To analyze the impact of several cyber attack scenarios, this dataset presents a set of ten computers connected to Router1 on VLAN1 in a Docker Bridge network, that try and exploit each other. It includes browsing the web and downloading foreign packages including malicious ones. Also, services like FTP and SSH were exploited using several attack mechanisms. The presented dataset shows the importance of updating and patching systems to protect themselves to a greater extent, by following attack tactics on older versions of packages as compared to the newer and updated ones. This dataset also includes an Apache Server hosted on the different subset on VLAN2 which is connected to the VLAN1 to demonstrate isolation and cross-VLAN communication. The services on this web server were also exploited by the previously stated ten computers. The attack types include: Distributed Denial of Service, SQL Injection, Account Takeover, Service Exploitation (SSH, FTP), DNS and ARP Spoofing, Scanning and Firewall Searching and Indexing (using Nmap), Hammering the services to brute-force passwords and usernames, Malware attack, Spoofing and Man-in-the-Middle Attack. The attack scenarios also show various scanning mechanisms and the impact of Insider Threats on the entire network.

  15. Number of ransomware attempts per year 2017-2023

    • statista.com
    Updated Feb 15, 2024
    Cite
    Statista (2024). Number of ransomware attempts per year 2017-2023 [Dataset]. https://www.statista.com/statistics/494947/ransomware-attempts-per-year-worldwide/
    Dataset updated
    Feb 15, 2024
    Dataset authored and provided by
    Statista (http://statista.com/)
    Area covered
    Worldwide
    Description

    In 2023, organizations all around the world detected 317.59 million ransomware attempts. Overall, this number decreased significantly between the third and fourth quarters of 2022, going from around 102 million to nearly 155 million cases, respectively. Ransomware attacks usually target organizations that collect large amounts of data and are critically important. In case of an attack, these organizations prefer paying the ransom to restore stolen data rather than to report the attack immediately. The incidents of data loss also damage companies’ reputation, which is one of the reasons why ransomware attacks are not reported.

    Most targeted industries and regions

    As a part of critical infrastructure, the manufacturing industry is usually targeted by ransomware attacks. In 2022, manufacturing organizations worldwide saw 437 such attacks. The food and beverage industry ranked second, with over 50 ransomware attacks. By the share of ransomware attacks on critical infrastructure, North America ranked first among other worldwide regions, followed by Europe. Healthcare and public health sector organizations filed the highest number of complaints to the U.S. law enforcement in 2022 about ransomware attacks.

    Ransomware as a service (RaaS)

    The Ransomware as a Service (RaaS) business model has existed for over a decade. The model involves hackers and affiliates. Hackers develop ransomware attack models and sell them to affiliates. The latter then use them independently to attack targets. According to the business model, the hacker who created the RaaS receives a service fee per collected ransom. In the first quarter of 2022, there were 31 Ransomware as a Service (RaaS) extortion groups worldwide, compared to the 19 such groups in the same quarter of 2021.

  16. Malware Detection in Network Traffic Data

    • kaggle.com
    zip
    Updated Dec 26, 2023
    Cite
    Agung Pambudi (2023). Malware Detection in Network Traffic Data [Dataset]. https://www.kaggle.com/datasets/agungpambudi/network-malware-detection-connection-analysis
    Available download formats: zip (755409206 bytes)
    Dataset updated
    Dec 26, 2023
    Authors
    Agung Pambudi
    License

    Attribution 4.0 (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/
    License information was derived automatically

    Description

    To cite the dataset, please reference it as “Stratosphere Laboratory. A labeled dataset with malicious and benign IoT network traffic. January 22th. Agustin Parmisano, Sebastian Garcia, Maria Jose Erquiaga. https://www.stratosphereips.org/datasets-iot23 ”

    This dataset includes labels that explain the linkages between flows connected with harmful or possibly malicious activity to provide network malware researchers and analysts with more thorough information. These labels were painstakingly created at the Stratosphere labs using malware capture analysis.

    We present a concise explanation of the labels used for the identification of malicious flows, based on manual network analysis, below:

    Attack: This label signifies the occurrence of an attack originating from an infected device directed towards another host. Any flow that endeavors to exploit a vulnerable service, discerned through payload and behavioral analysis, falls under this classification. Examples include brute force attempts on telnet logins or header-based command injections in GET requests.

    Benign: The "Benign" label denotes connections where no suspicious or malicious activities have been detected.

    C&C (Command and Control): This label indicates that the infected device has established a connection with a Command and Control server. This observation is rooted in the periodic nature of connections or activities such as binary downloads or the exchange of IRC-like or decoded commands.

    DDoS (Distributed Denial of Service): "DDoS" is assigned when the infected device is actively involved in a Distributed Denial of Service attack, identifiable by the volume of flows directed towards a single IP address.

    FileDownload: This label signifies that a file is being downloaded to the infected device. It is determined by examining connections with response bytes exceeding a specified threshold (typically 3KB or 5KB), often in conjunction with known suspicious destination ports or IPs associated with Command and Control servers.

    HeartBeat: "HeartBeat" designates connections where packets serve the purpose of tracking the infected host by the Command and Control server. Such connections are identified through response bytes below a certain threshold (typically 1B) and exhibit periodic similarities. This is often associated with known suspicious destination ports or IPs linked to Command and Control servers.

    Mirai: This label is applied when connections exhibit characteristics resembling those of the Mirai botnet, based on patterns consistent with common Mirai attack profiles.

    Okiru: Similar to "Mirai," the "Okiru" label is assigned to connections displaying characteristics of the Okiru botnet. The parameters for this label are the same as for Mirai, but Okiru is a less prevalent botnet family.

    PartOfAHorizontalPortScan: This label is employed when connections are involved in a horizontal port scan aimed at gathering information for potential subsequent attacks. The labeling decision hinges on patterns such as shared ports, similar transmitted byte counts, and multiple distinct destination IPs among the connections.

    Torii: The "Torii" label is used when connections exhibit traits indicative of the Torii botnet, with labeling criteria similar to those used for Mirai, albeit in the context of a less common botnet family.

    | Field Name | Description | Type |
    |---|---|---|
    | ts | The timestamp of the connection event. | time |
    | uid | A unique identifier for the connection. | string |
    | id.orig_h | The source IP address. | addr |
    | id.orig_p | The source port. | port |
    | id.resp_h | The destination IP address. | addr |
    | id.resp_p | The destination port. | port |
    | proto | The network protocol used (e.g., 'tcp'). | enum |
    | service | The service associated with the connection. | string |
    | duration | The duration of the connection. | interval |
    | orig_bytes | The number of bytes sent from the source to the destination. | count |
    | resp_bytes | The number of bytes sent from the destination to the source. | count |
    | conn_state | The state of the connection. | string |
    | local_orig | Indicates whether the connection is considered local or not. | bool |
    | local_resp | Indicates whether the connection is considered... | |

  17. Cyber Threat Detection

    • kaggle.com
    zip
    Updated Oct 23, 2024
    Cite
    Hussain Afzaal 03 (2024). Cyber Threat Detection [Dataset]. https://www.kaggle.com/datasets/hussainsheikh03/cyber-threat-detection
    Available download formats: zip (51424 bytes)
    Dataset updated
    Oct 23, 2024
    Authors
    Hussain Afzaal 03
    License

    https://creativecommons.org/publicdomain/zero/1.0/

    Description

    The CyberFedDefender dataset is a simulated dataset designed for developing and testing federated learning-based cyber threat detection models. This dataset is tailored for research and experimentation in distributed anomaly detection and privacy-preserving cybersecurity frameworks. It includes traffic features commonly used in intrusion detection systems (IDS) with a focus on cloud and edge computing environments. Each record represents network traffic metadata, with labeled instances of both normal and malicious activities, making it ideal for machine learning applications in cybersecurity.

    Dataset Features

    The dataset consists of 1,430 instances, with 23 features including information on packet size, duration, bytes sent/received, flow statistics, and attack labels. It covers common cyberattacks such as DDoS, Brute Force, and Ransomware, along with normal network traffic.

    Feature List:

    • Timestamp: The time when the network traffic was recorded.
    • Source_IP: The IP address of the source machine.
    • Destination_IP: The IP address of the destination machine.
    • Protocol: The network protocol used (TCP, UDP, ICMP).
    • Packet_Length: The length of the packet in bytes.
    • Duration: The duration of the connection in seconds.
    • Source_Port: The port number used by the source.
    • Destination_Port: The port number used by the destination.
    • Bytes_Sent: Total bytes sent from the source to the destination.
    • Bytes_Received: Total bytes received by the destination from the source.
    • Flags: TCP flags indicating the connection's state (e.g., SYN, ACK).
    • Flow_Packets/s: Number of packets per second in the traffic flow.
    • Flow_Bytes/s: Number of bytes per second in the traffic flow.
    • Avg_Packet_Size: Average size of the packets during the connection.
    • Total_Fwd_Packets: Total number of forward packets.
    • Total_Bwd_Packets: Total number of backward packets.
    • Fwd_Header_Length: Length of the forward packet headers.
    • Bwd_Header_Length: Length of the backward packet headers.
    • Sub_Flow_Fwd_Bytes: Bytes sent in the forward subflow.
    • Sub_Flow_Bwd_Bytes: Bytes received in the backward subflow.
    • Inbound: Indicates whether the traffic is inbound (1) or outbound (0).
    • Attack_Type: Type of cyberattack or normal traffic (e.g., DDoS, Brute Force, Ransomware, Normal).
    • Label: Binary classification label where 1 indicates malicious traffic and 0 represents normal traffic.

    Usage

    This dataset is designed for research in the following areas:

    • Federated learning for cyber threat detection
    • Privacy-preserving machine learning in cybersecurity
    • Intrusion detection systems (IDS)
    • Distributed anomaly detection in cloud and edge environments

    Researchers can leverage this dataset to build and evaluate models for anomaly detection, perform comparative analysis, or enhance the robustness of federated learning frameworks in cybersecurity applications.

  18. Android Ransomware Detection

    • kaggle.com
    zip
    Updated Feb 12, 2023
    Cite
    Cyber Cop (2023). Android Ransomware Detection [Dataset]. https://www.kaggle.com/datasets/subhajournal/android-ransomware-detection
    Available download formats: zip (52834597 bytes)
    Dataset updated
    Feb 12, 2023
    Authors
    Cyber Cop
    License

    http://www.gnu.org/licenses/agpl-3.0.html

    Description

    Ransomware is a type of malicious software that encrypts users’ data and demands payment for the decryption key. The effects of ransomware on users can be devastating, ranging from the loss of important data and disruption of business operations to monetary losses. Additionally, it can cause psychological strain, as victims often find themselves in a helpless situation with their only option being to pay the ransom. This situation can lead to diminished trust in online security solutions, increased risk of further attacks, difficulty recovering data, and the potential for identity theft.

    To protect against ransomware attacks, one effective option is the use of machine learning. Machine learning algorithms can be used to detect anomalous activity that is associated with ransomware attacks. This could include things like sudden increases in file access or writing activity, or changes in system resources. AI-based security solutions can then analyze events across the network and alert system administrators to possible attack threats. Finally, machine learning algorithms can be used to analyze the data from past ransomware attacks and create models to better predict the behavior of similar future attacks. This can help system administrators quickly respond to any new attacks.

    The dataset contains the network monitoring records of Android devices to determine the types of ransomware along with benign which have been transacted in the user network.

  19. Ransomware Statistics USA 2024

    • infrascale.com
    Updated Nov 1, 2024
    Cite
    Infrascale (2024). Ransomware Statistics USA 2024 [Dataset]. https://www.infrascale.com/ransomware-statistics-usa/
    Dataset updated
    Nov 1, 2024
    Dataset provided by
    InfraScale, Inc.
    Authors
    Infrascale
    License

    Attribution 4.0 (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/
    License information was derived automatically

    Time period covered
    2024
    Area covered
    United States
    Description

    Insights into ransomware attack trends in the USA, including affected devices, organizational costs, preventive measures, and industries most targeted, based on survey data from respondents in 2024.

  20. Small Business Cybersecurity Statistics 2025: Threats, Costs & Solutions

    • sqmagazine.co.uk
    Updated Oct 6, 2025
    Cite
    SQ Magazine (2025). Small Business Cybersecurity Statistics 2025: Threats, Costs & Solutions [Dataset]. https://sqmagazine.co.uk/small-business-cybersecurity-statistics/
    Dataset updated
    Oct 6, 2025
    Dataset authored and provided by
    SQ Magazine
    License

    https://sqmagazine.co.uk/privacy-policy/

    Time period covered
    Jan 1, 2024 - Dec 31, 2025
    Area covered
    Global
    Description

    In late 2024, a boutique digital marketing agency in Austin, Texas, experienced what seemed like a minor IT hiccup. Their systems froze for six hours. What they didn’t know was that a ransomware attack had quietly encrypted their data. Within 24 hours, the attacker demanded $25,000 in cryptocurrency. The firm,...

Cite
Statista (2025). Number of malware attacks per year 2015-2023 [Dataset]. https://www.statista.com/statistics/873097/malware-attacks-per-year-worldwide/

Number of malware attacks per year 2015-2023

77 scholarly articles cite this dataset (View in Google Scholar)
Dataset updated
Nov 28, 2025
Dataset authored and provided by
Statista (http://statista.com/)
Area covered
Worldwide
Description

In 2023, the worldwide number of malware attacks reached 6.06 billion, an increase of 10 percent compared to the preceding year. In recent years, the highest number of malware attacks was detected in 2018, when 10.5 billion such attacks were reported across the globe.

Malware attacks worldwide

In 2022, worm malware was blocked over 205 million times. Another common malware type during that period, Emotet, primarily targeted the Asia-Pacific region. Overall, websites are the most common vector for malware attacks and recent industry data found that malware attacks were frequently received via exe files.

Most targeted industries

In 2022, the education sector was heavily targeted by malware, encountering 2,314 weekly attacks on average. Government and military organizations ranked second, followed by the healthcare units. Overall, in 2022, the education sector saw over five million malware attacks in the examined year.
