Dragos recently released their Q2 industrial ransomware report for 2024. Key findings and takeaways include:
- Despite declining incidents and the relatively low impact of ransomware attacks in the first quarter, the second quarter showed a significant resurgence.
- The number of such attacks nearly doubled from Q1 to Q2.
- Despite law enforcement registering some big wins over RaaS groups BlackCat and LockBit, these groups quickly adapted and recalibrated their strategies. Similarly, Royal ransomware rebranded to BlackSuit and Knight ransomware became RansomHub, with both showcasing more sophisticated encryption, improved lateral movement tactics, and more effective evasion of detection mechanisms.
- The industrial sector remains a prime target for these groups, with ransomware groups focusing on high-impact operators to maximize their profits. The risk posed by ransomware is further exacerbated as government-affiliated groups adopt ransomware tactics, and hacktivists increasingly utilize and even build their own ransomware tools.
- Among the 86 ransomware groups known for targeting industrial organizations, 29 remained active in the second quarter, compared to 22 in the first quarter of 2024.
- Disruptions to OT networks were linked to interdependencies between OT and IT systems.
- The manufacturing sector was the most affected of all business categories, with 210 observed incidents, accounting for approximately 67 percent of all ransomware incidents.
- Developers and manufacturers of ICS equipment and software experienced 15 percent of total incidents. The Oil and Natural Gas sector registered two percent of overall incidents, with mining, utilities and power accounting for four percent.
- Within the industrial sector, those experiencing the highest number of incidents included food manufacturers, producers of metal equipment, and electronics manufacturers.
- The Lockbit group was behind the most attacks against industrial organizations- accounting for 21 percent of the total. The Play ransomware, BlackBasta, 8Base, Akira and BlackSuit rounded out the top spots.
- Dragos states that the ransomware threat landscape will continue to evolve, characterized by the introduction of new ransomware variants and increasingly coordinated campaigns targeting industrial sectors. Despite significant law enforcement actions, the observed resilience and adaptability of ransomware groups indicate they are here to stay.