The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to data from industrial cybersecurity firm Dragos.
In a report analyzing data from the second quarter of 2023, Dragos said it saw 253 ransomware incidents, up 18% from the first quarter of 2023, when it observed 214 attacks.
The company saw 189 ransomware incidents in the last quarter of 2022, a 30% increase from the 128 incidents in the third quarter of 2022. In the second quarter of 2022, the number dropped to 125 from 158 incidents in the first quarter. The drop was attributed at the time by Dragos to the shutdown of the Conti operation.
Dragos has blamed the surge in attacks on ransomware revenue plunging in 2022 as more victims refused to pay up.
“Dragos assesses with moderate confidence that the third quarter of 2023 will witness increased business-impacting ransomware attacks against industrial organizations for two reasons. Firstly, the prevailing political tension between NATO countries and Russia motivates Russian-aligned ransomware groups to continue targeting and disrupting critical infrastructure in NATO countries,” Dragos said.
“Secondly, as the number of victims willing to pay ransoms diminishes, RaaS groups have shifted their focus towards larger organizations, resorting to widespread ransomware distribution attacks to sustain their revenues,” it added.
Nearly half of the ransomware attacks observed by the security firm hit organizations and infrastructure in North America, followed at a distance by Asia.
Half of the 66 ransomware groups monitored by Dragos launched attacks in Q2 2023, with the most active being LockBit, responsible for 48 incidents, followed by Alpha V, with 31 incidents, and Black Basta, with 26 incidents.
The manufacturing sector continues to be the most targeted, with 177 incidents, followed by industrial control systems (ICS), transportation, and oil and gas.
Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
October 23-26, 2023 | Atlanta
www.icscybersecurityconference.com
Related: Ransomware Often Hits Industrial Systems, With Significant Impact: Survey
Related: Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme
Related: 2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged
