Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report

The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to Dragos.

By

Flipboard

Reddit

Pinterest

Whatsapp

Whatsapp

Email

The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to data from industrial cybersecurity firm Dragos.

In a report analyzing data from the second quarter of 2023, Dragos said it saw 253 ransomware incidents, up 18% from the first quarter of 2023, when it observed 214 attacks.

The company saw 189 ransomware incidents in the last quarter of 2022, a 30% increase from the 128 incidents in the third quarter of 2022. In the second quarter of 2022, the number dropped to 125 from 158 incidents in the first quarter. The drop was attributed at the time by Dragos to the shutdown of the Conti operation.

Dragos has blamed the surge in attacks on ransomware revenue plunging in 2022 as more victims refused to pay up.

“Dragos assesses with moderate confidence that the third quarter of 2023 will witness increased business-impacting ransomware attacks against industrial organizations for two reasons. Firstly, the prevailing political tension between NATO countries and Russia motivates Russian-aligned ransomware groups to continue targeting and disrupting critical infrastructure in NATO countries,” Dragos said.

“Secondly, as the number of victims willing to pay ransoms diminishes, RaaS groups have shifted their focus towards larger organizations, resorting to widespread ransomware distribution attacks to sustain their revenues,” it added.

Nearly half of the ransomware attacks observed by the security firm hit organizations and infrastructure in North America, followed at a distance by Asia.

Half of the 66 ransomware groups monitored by Dragos launched attacks in Q2 2023, with the most active being LockBit, responsible for 48 incidents, followed by Alpha V, with 31 incidents, and Black Basta, with 26 incidents.

The manufacturing sector continues to be the most targeted, with 177 incidents, followed by industrial control systems (ICS), transportation, and oil and gas.

Related: Ransomware Often Hits Industrial Systems, With Significant Impact: Survey

Related: Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme

Related: 2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive one to thrive."(Marc Solomon)

Sharing threat information and cooperating with other threat intelligence groups helps to strengthen customer safeguards and boosts the effectiveness of the cybersecurity sector overall.(Derek Manky)

Securing APIs is a noble, though complex journey. Security teams can leverage these 10 steps to help secure their APIs.(Joshua Goldfarb)

While silos pose significant dangers to an enterprise's cybersecurity posture, consolidation serves as a powerful solution to overcome these risks, offering improved visibility, efficiency, incident response capabilities, and risk management.(Matt Wilson)

The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise.(Torsten George)

Flipboard

Reddit

Pinterest

Whatsapp

Whatsapp

Email

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.