Create a free Manufacturing.net account to continue

Ransomware Rages On

Projections indicate a 60 percent increase in ransomware attacks next year, but it's not all doom and gloom.

Drew Schmitt
Dec 20, 2023
Ransomware

From time to time, the cybersecurity industry latches on to an especially high-profile ransomware incident, the MGM Alphv (Black Cat) attack is coming to mind as of late, where many of us attempt to deep dive into potential security failures, threat actor operations, and anything that might tell a compelling ransomware story. What many are not privy to is that these attacks are happening at an increasing rate year-over-year, with no sign of stopping. 

In 2022, the GuidePoint Research and Intelligence Team (GRIT) tracked 2,503 publicly named ransomware victims across all industry verticals. As of August 31, 2023 there were 2,890 publicly named victims. Based on the projected total number of named victims, there will be a 60 percent increase in ransomware attacks year over year.

Similarly, the number of active ransomware groups is also increasing at an alarming rate. There were 55 active double extortion ransomware groups in 2022 while 2023 has already seen 52. If this trend holds, this will represent a 16 precent increase year-over-year of new groups joining the ransomware community.

The Impact to Manufacturing

The  manufacturing industry has been the most impacted vertical in both 2022 and 2023. Representing 13.2 percent of publicly named ransomware victims in 2023, with 1-2 new manufacturing victims named to ransomware leak sites every day. And these only represent the victims that do not pay the ransom demand. The total number of impacted companies is likely far larger than these statistics represent.

Manufacturing companies in the U.S. are far more likely to be impacted by ransomware than in other countries. In 2022, U.S. manufacturers represented 40 percent of all manufacturing victims, while in 2023 that number has risen to 46 percent. Other western countries including Germany, the United Kingdom, and Canada have historically each represented between 5-8 percent of the total manufacturing victims globally, a number far lower than observed in the U.S.

From year to year, there are threat groups that consistently impact manufacturing - namely LockBit. In 2022, LockBit accounted for 30 percent of all publicly named manufacturing victims, a trend continuing into 2023 where LockBit accounts for 23 percent of publicly-named manufacturing attacks. This is despite a summertime hiatus.

Alphv, the group claiming responsibility for the MGM attack, is also a major source of victimization for the manufacturing sector, representing 11 percent of publicly named victims in 2023. With ransomware we often focus on the doom and gloom around attacks, however, not all hope is lost.

There is still a lot we can, and should, be doing to mitigate the risks associated with ransomware attacks. 

Measures to Mitigate Risk 

In cybersecurity there tends to be a focus on making sure that we are keeping up with the latest technology to reduce risk, but it is far too often that we see ransomware attacks resulting from gaps in foundational components of a cybersecurity program, or teams that simply donโ€™t have the training to respond effectively in the critical hours after an attack has begun. Based on my experiences in incident response and threat intelligence, I recommend that we go back to the basics, such as:

  • Security In-Depth. This recommendation covers all three of the people, process and technology triad. We need to ensure that from all three perspectives we have overlapping duties, overlapping processes and overlapping technologies. When we have a gap in one component, there is already another that is overlapping to mitigate that risk. The more that we focus on making sure we discover gaps and overlap our controls, the more likely we are to prevent, detect and respond in a way that limits the impacts of ransomware.
  • IR Plans and Tabletop Exercises. IR plans and tabletop exercises are crucial for building effective processes and training people within a cybersecurity team, as well as elsewhere within the organization. The IR plan focuses on building effective processes, while the tabletop exercise focuses on building the muscle memory to ensure everyone knows their role in an incident. Both are crucial for preparing for, and responding to, ransomware attacks.
  • Highly Trained Cybersecurity Staff. Ensuring your cybersecurity staff have adequate training opportunities and are afforded the time to improve their skills is important to ensuring you have a team that is ready to handle a ransomware attack. Additionally, training opportunities help keep morale high, which results in a team ready to respond. Lastly, including methods of automation and orchestration extend the teamโ€™s ability to be effective and do more with less.

Although ransomware continues to be an increasing problem for manufacturers, we have a lot to look forward to in the future. As we have explored, there are fundamental ways that we can focus on reducing the risk of ransomware attacks by getting back to the basics. As 2023 ends and 2024 begins, we may continue to see an upward trend in ransomware victims, but through systematic and calculated methods of reducing risk, hopefully your organization will not be among them. 

Latest in Cybersecurity
Cybersecurity
New Siemens Software Automatically Identifies Vulnerable Production Assets
May 8, 2024
Manufacturing
Tech Trends to Watch in Manufacturing
May 7, 2024
General Cyberattack
CISA, FBI Release Secure by Design Alert
May 3, 2024
Financial Cyber
Ransomware Report Shows Fewer Incidents, Future Concerns
May 3, 2024
Related Stories
General Cyberattack
Cybersecurity
CISA, FBI Release Secure by Design Alert
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Ep92tn
Cybersecurity
Security Breach: Predictions That Hit
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
More in Cybersecurity
Cybersecurity
Software
New Siemens Software Automatically Identifies Vulnerable Production Assets
The cybersecurity SaaS will be available for purchase in July 2024.
May 8, 2024
Manufacturing
Industry 4.0
Tech Trends to Watch in Manufacturing
AI is at the forefront.
May 7, 2024
General Cyberattack
Cybersecurity
CISA, FBI Release Secure by Design Alert
The two agencies are urging manufacturers to eliminate directory traversal vulnerabilities.
May 3, 2024
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
The fear is that larger RaaS groups are exercising greater control over their affiliates.
May 3, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Cisco, Siemens, Honeywell and Mitsubishi systems top the list.
May 3, 2024
Ep92tn
Cybersecurity
Security Breach: Predictions That Hit
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.
May 2, 2024
Andrew Witty, Chief Executive Officer of UnitedHealth Group, testifies at a Senate Finance Committee hearing examining cyber attacks on health care, and the Change Healthcare cyber attack, Wednesday, May 1, 2024, on Capitol Hill in Washington.
Cybersecurity
Change Healthcare Cyberattack Due to Lack of Multifactor Authentication
That's according to UnitedHealth CEO Andrew Witty.
May 1, 2024
I Stock 1311492607
Cybersecurity
ZAG Launches Cybersecurity Series for Food, Agriculture Sectors
Empowering agricultural businesses with the tools necessary to protect their digital infrastructure.
April 29, 2024
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Too many are paying, and the reasons range from understandable to infuriating.
April 25, 2024
Ep90
Cybersecurity
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Ap24114558425503
Cybersecurity
UnitedHealth Says Wide Swath of Patient Files May Have Been Taken in Cyberattack
Screen shots containing protected health information or personally identifiable information were posted.
April 24, 2024