Connect with us

Hi, what are you looking for?



Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report

The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to Dragos.

ICS Ransomware

The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022, according to data from industrial cybersecurity firm Dragos.

In a report analyzing data from the second quarter of 2023, Dragos said it saw 253 ransomware incidents, up 18% from the first quarter of 2023, when it observed 214 attacks. 

The company saw 189 ransomware incidents in the last quarter of 2022, a 30% increase from the 128 incidents in the third quarter of 2022. In the second quarter of 2022, the number dropped to 125 from 158 incidents in the first quarter. The drop was attributed at the time by Dragos to the shutdown of the Conti operation

Dragos has blamed the surge in attacks on ransomware revenue plunging in 2022 as more victims refused to pay up. 

“Dragos assesses with moderate confidence that the third quarter of 2023 will witness increased business-impacting ransomware attacks against industrial organizations for two reasons. Firstly, the prevailing political tension between NATO countries and Russia motivates Russian-aligned ransomware groups to continue targeting and disrupting critical infrastructure in NATO countries,” Dragos said. 

“Secondly, as the number of victims willing to pay ransoms diminishes, RaaS groups have shifted their focus towards larger organizations, resorting to widespread ransomware distribution attacks to sustain their revenues,” it added.

Nearly half of the ransomware attacks observed by the security firm hit organizations and infrastructure in North America, followed at a distance by Asia. 

Advertisement. Scroll to continue reading.

Half of the 66 ransomware groups monitored by Dragos launched attacks in Q2 2023, with the most active being LockBit, responsible for 48 incidents, followed by Alpha V, with 31 incidents, and Black Basta, with 26 incidents.

The manufacturing sector continues to be the most targeted, with 177 incidents, followed by industrial control systems (ICS), transportation, and oil and gas. 

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta

Related: Ransomware Often Hits Industrial Systems, With Significant Impact: Survey

Related: Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme 

Related: 2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.