Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Number of Ransomware Attacks on Industrial Orgs Drops Following Conti Shutdown

The number of ransomware attacks on industrial organizations decreased from 158 in the first quarter of 2022 to 125 in the second quarter, and it may be — at least partially — a result of the Conti operation shutting down.

The number of ransomware attacks on industrial organizations decreased from 158 in the first quarter of 2022 to 125 in the second quarter, and it may be — at least partially — a result of the Conti operation shutting down.

According to data collected by industrial cybersecurity firm Dragos, Conti accounted for a significant chunk of the ransomware attacks on industrial organizations and infrastructure in the previous quarters and the threat actor’s decision to pull the plug on the operation in May could have led to the drop in the number of attacks in the second quarter.

Experts believe the Conti operation, which had been a highly profitable business, was shut down after the brand became toxic following some of the group’s members openly expressing support for Russia after it launched its invasion of Ukraine.

The Conti brand may have been terminated, but experts believe its leaders are still active, continuing their work through several smaller ransomware operations, including Karakurt, Black Basta, BlackByte, AlphV (BlackCat), HIVE, HelloKitty (FiveHands), and AvosLocker.

According to Dragos, 33% of the ransomware attacks in Q2 were launched by the LockBit group, followed by Conti (13%), Black Basta (12%), Quantum (7%), AlphV (4%) and Hive (4%).

It’s worth noting that the Black Basta group was not seen launching attacks in Q1, which could indicate that they are filling the gap left by the Conti operation. It’s believed that Conti leaders started preparing for their exit weeks before the actual shutdown.

Learn more about ransomware attacks on industrial organizations at

SecurityWeek’s ICS Cyber Security Conference

Advertisement. Scroll to continue reading.

Industrial organizations in Europe accounted for 37% of all ransomware attacks seen by Dragos, followed by North America, which accounted for 29% of incidents, and Asia, with 26%. The company pointed out that the percentage of Asian companies hit in the previous quarter was only 9%.

As for the most targeted sectors, manufacturing continues to be the main target, with 86 of the attacks observed in the second quarter aimed at this industry.

Ransomware attacks on ICS sectors in Q2 2022

Some groups appear to focus on a particular industry. For example, Karakurt has mainly targeted transportation entities, and Vice Society has only attacked automotive manufacturing firms.

Some groups only target certain regions. For instance, Moses Staff has only targeted Israel, while Black Basta, Ransomhouse, and Everest have only targeted companies in the US and Europe. Quantum and Lorenzo ransomware have only targeted companies based in North America.

Ransomware attacks on industrial organizations can have a significant impact, with several incidents known to have caused disruption to operational technology (OT) systems. Dragos noted that while the number of attacks is down, the impact has been significant. 

“In Q3 of 2022, Dragos assesses with high confidence that ransomware will continue to disrupt OT operations, whether through the integration of OT kill processes into ransomware strains, flattened networks allowing for ransomware to spread into OT environments, or through precautionary shutdowns of OT environments by operators to prevent ransomware from spreading to OT systems,” Dragos said.

It added, “Due to the changes in ransomware groups themselves, Dragos assesses with moderate confidence new ransomware groups will appear in the next quarter, whether as new or reformed ones. Dragos assesses with moderate confidence that ransomware will continue to either indirectly or directly target OT operations.”

Related: Europe Warned About Cyber Threat to Industrial Infrastructure

Related: Increasing Number of Threat Groups Targeting OT Systems in North America

Related: Ransomware Hit SCADA Systems at 3 Water Facilities in U.S.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.