Connect with us

Hi, what are you looking for?



Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report

The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to Dragos.

Industrial ICS attack

The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to data from industrial cybersecurity firm Dragos.

In a report analyzing data from the second quarter of 2023, Dragos said it saw 253 ransomware incidents, up 18% from the first quarter of 2023, when it observed 214 attacks. 

The company saw 189 ransomware incidents in the last quarter of 2022, a 30% increase from the 128 incidents in the third quarter of 2022. In the second quarter of 2022, the number dropped to 125 from 158 incidents in the first quarter. The drop was attributed at the time by Dragos to the shutdown of the Conti operation

Dragos has blamed the surge in attacks on ransomware revenue plunging in 2022 as more victims refused to pay up. 

“Dragos assesses with moderate confidence that the third quarter of 2023 will witness increased business-impacting ransomware attacks against industrial organizations for two reasons. Firstly, the prevailing political tension between NATO countries and Russia motivates Russian-aligned ransomware groups to continue targeting and disrupting critical infrastructure in NATO countries,” Dragos said. 

“Secondly, as the number of victims willing to pay ransoms diminishes, RaaS groups have shifted their focus towards larger organizations, resorting to widespread ransomware distribution attacks to sustain their revenues,” it added.

Nearly half of the ransomware attacks observed by the security firm hit organizations and infrastructure in North America, followed at a distance by Asia. 

Half of the 66 ransomware groups monitored by Dragos launched attacks in Q2 2023, with the most active being LockBit, responsible for 48 incidents, followed by Alpha V, with 31 incidents, and Black Basta, with 26 incidents.

Advertisement. Scroll to continue reading.

The manufacturing sector continues to be the most targeted, with 177 incidents, followed by industrial control systems (ICS), transportation, and oil and gas. 

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta

Related: Ransomware Often Hits Industrial Systems, With Significant Impact: Survey

Related: Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme 

Related: 2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.