Ransomware attacks on industry double in 2024 second quarter
Ransomware attacks against the industrial sector have surged in the second quarter of 2024, according to new findings from cybersecurity leaders Dragos.
The number of incidents has almost doubled compared to the first quarter, highlighting a worrying trend as cybercriminal groups shift their focus to high-impact industries.
The threat intelligence team at Dragos conducted a thorough analysis of ransomware data sourced from public reports and dark websites. Their insights reveal that the industrial sector remains a primary target due to the critical nature of its operations and the severe consequences of disruptions.
In their report, Dragos documented 312 ransomware incidents globally in the second quarter, up from 160 incidents in the first quarter. This increase underscores the resilience and adaptability of ransomware groups, many of which are rebranding and evolving new tactics and techniques. Notably, the manufacturing sector was hardest hit, accounting for 210 incidents, or roughly 67% of the total.
"Ransomware's impact on industrial organisations has amplified, with criminal groups concentrating on high-impact operators to maximise their profits," stated the Dragos team. This is evident in the activities of various ransomware groups, such as Lockbit, which was responsible for approximately 21% of the attacks on industrial firms, totalling 66 incidents.
Europe experienced around 26% of the global ransomware incidents, with 82 attacks impacting the region. The report also highlighted the sustained activity of 29 ransomware groups targeting industrial organisations in the second quarter, a rise from 22 active groups in the first quarter of 2024. This quarter saw the emergence of several rebranded groups, including BlackSuit (formerly known as Royal ransomware) and RansomHub (previously Knight ransomware), both demonstrating significant activity and employing elaborate tactics to boost their operations.
Dragos has recommended that industrial organisations take proactive measures to bolster their cybersecurity defences against ransomware attacks. Implementing the five critical controls suggested by the SANS Institute is among the proposed steps to mitigate the risk.
This latest report from Dragos underscores the persistent threat posed by ransomware to industrial sectors and the evolving strategies of cybercriminal groups aiming to exploit these high-value targets for substantial financial gain. The increase in ransomware incidents demands a heightened focus on cybersecurity measures and vigilance to safeguard critical industrial infrastructure.