Company Details
un-multi-partner-trust-fund-office
8
1,089
8135
undp.org
0
UN _1943465
In-progress

UN Multi-Partner Trust Fund Office Company CyberSecurity Posture
undp.org
The MPTF Office supports UN coherence and the achievement of the Sustainable Development Goals with a well-designed and professionally managed portfolio of innovative pooled financing instruments.
Between 650 and 699

UMTFO Global Score (TPRM)XXXX

Description: A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. From thousands of Bank Secrecy Act filings, the report documents 4,194 ransomware incidents between January 2022 and December 2024. These reports show that organizations paid more than $2.1 billion in ransom payments, nearly reaching the total reported over 8 years from 2013 to 2021. In total, from 2013 through 2024, FinCEN tracked approximately $4.5 billion in payments to ransomware gangs.

Law enforcement operations show impact

According to the report, 2023 was the best year for ransomware gangs, with victims reporting 1,512 individual incidents and approximately $1.1 billion in ransom payments, a 77 percent increase from 2022. However, both stats fell in 2024, with a slight dip to 1,476 incidents, but a dramatic decrease to $734 million in payments. This decrease is believed to be due to law enforcement operations targeting BlackCat in 2023 and LockBit at the beginning of 2024. Both of these ransomware gangs were the most active at the time of disruption, with the threat actors moving to new operations or struggling to relaunch. FinCEN says the amount paid varied, with most ransom payments below $250,000. The analysis also showed that manufacturing, financial services, and healthcare suffered the most ransomware attacks, with fina


UN Multi-Partner Trust Fund Office has 36.99% more incidents than the average of same-industry companies with at least one recorded incident.
UN Multi-Partner Trust Fund Office has 53.85% more incidents than the average of all companies with at least one recorded incident.
UN Multi-Partner Trust Fund Office reported 1 incident this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
UMTFO cyber incidents detection timeline including parent company and subsidiaries




Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of UN Multi-Partner Trust Fund Office is http://Mptfo.undp.org.
According to Rankiteo, UN Multi-Partner Trust Fund Office’s AI-generated cybersecurity score is 654, reflecting their Weak security posture.
According to Rankiteo, UN Multi-Partner Trust Fund Office currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, UN Multi-Partner Trust Fund Office is not certified under SOC 2 Type 1.
According to Rankiteo, UN Multi-Partner Trust Fund Office does not hold a SOC 2 Type 2 certification.
According to Rankiteo, UN Multi-Partner Trust Fund Office is not listed as GDPR compliant.
According to Rankiteo, UN Multi-Partner Trust Fund Office does not currently maintain PCI DSS compliance.
According to Rankiteo, UN Multi-Partner Trust Fund Office is not compliant with HIPAA regulations.
According to Rankiteo, UN Multi-Partner Trust Fund Office is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
UN Multi-Partner Trust Fund Office operates primarily in the Non-profit Organizations industry.
UN Multi-Partner Trust Fund Office employs approximately 8 people worldwide.
UN Multi-Partner Trust Fund Office presently has no subsidiaries across any sectors.
UN Multi-Partner Trust Fund Office’s official LinkedIn profile has approximately 1,089 followers.
UN Multi-Partner Trust Fund Office is classified under the NAICS code 8135, which corresponds to Others.
No, UN Multi-Partner Trust Fund Office does not have a profile on Crunchbase.
Yes, UN Multi-Partner Trust Fund Office maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/un-multi-partner-trust-fund-office.
As of December 11, 2025, Rankiteo reports that UN Multi-Partner Trust Fund Office has experienced 1 cybersecurity incident.
UN Multi-Partner Trust Fund Office has an estimated 20,901 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Total Financial Loss: The total financial loss from these incidents is estimated to be $4.50 billion.
Detection and Response: Law enforcement was notified: Yes.
Title: Global Ransomware Surge and Decline (2022-2024)
Description: A report by FinCEN documents 4,194 ransomware incidents between January 2022 and December 2024, with over $2.1 billion in ransom payments. The peak occurred in 2023 with $1.1 billion in payments, followed by a decline in 2024 due to law enforcement actions targeting ALPHV/BlackCat and LockBit ransomware gangs.
Type: Ransomware
Threat Actor: ALPHV/BlackCat, LockBit
Motivation: Financial gain
Common Attack Types: The most common type of attack the company has faced is ransomware.

Financial Loss: $4.5 billion (2013-2024)
Average Financial Loss: The average financial loss per incident is $4.50 billion.

Entity Type: Organization
Industry: Manufacturing, Financial Services, Healthcare

Law Enforcement Notified: Yes

Data Encryption: Yes

Ransom Paid: $2.1 billion (2022-2024)
Ransomware Strain: ALPHV/BlackCat, LockBit
Data Encryption: Yes

Lessons Learned: Law enforcement actions targeting ransomware gangs can significantly reduce ransomware activity and payments.

Recommendations: Organizations should enhance cybersecurity measures, report incidents to authorities, and avoid paying ransoms to disrupt the ransomware economy.
Key Lessons Learned: The key lesson learned from past incidents is: Law enforcement actions targeting ransomware gangs can significantly reduce ransomware activity and payments.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Organizations should enhance cybersecurity measures, report incidents to authorities, and avoid paying ransoms to disrupt the ransomware economy.

Source: Financial Crimes Enforcement Network (FinCEN)
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices from the Financial Crimes Enforcement Network (FinCEN).

Investigation Status: Ongoing

Root Causes: Proliferation of ransomware-as-a-service (RaaS) models, exploitation of vulnerabilities, and lack of robust cybersecurity defenses.
Corrective Actions: Law enforcement disruptions, enhanced monitoring, and improved incident response strategies.
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Law enforcement disruptions, enhanced monitoring, and improved incident response strategies.
Ransom Payment History: The company has paid ransoms in the past.
Last Attacking Group: The attacking group in the last incident was ALPHV/BlackCat, LockBit.
Highest Financial Loss: The highest financial loss from an incident was $4.5 billion (2013-2024).
Highest Ransom Paid: The highest ransom paid in a ransomware incident was $2.1 billion (2022-2024).
Most Significant Lesson Learned: The most significant lesson learned from past incidents was: Law enforcement actions targeting ransomware gangs can significantly reduce ransomware activity and payments.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: Organizations should enhance cybersecurity measures, report incidents to authorities, and avoid paying ransoms to disrupt the ransomware economy.
Most Recent Source: The most recent source of information about an incident is Financial Crimes Enforcement Network (FinCEN).
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML <option> elements without proper escaping. This issue is fixed in version 3.5.5.
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, an unauthenticated remote attacker can execute malicious JS code on Zitadel users’ browsers. To carry out an attack, multiple user sessions need to be active in the same browser; however, account takeover is mitigated when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0.
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.
