New research from Dragos has revealed a 17% decrease in global ransomware attacks on the industrial sector in Q1 of 2024. However, they hasten to add that ransomware still remains the primary cybersecurity threat impacting industrial organisations globally.
This downturn in attacks has been linked to considerably increased law enforcement actions that have effectively dismantled ransomware operations and arrested those involved. Alongside this, there has been a shift in focus amongst ransomware groups towards the healthcare sector from early 2024.
The research highlights the successful international law enforcement collaboration that led to the takedown of the Lockbit ransomware group, a significant threat in cybercrime. At around the same time, the Alphv/Blackcat group, another prominent operator in ransomware, surprisingly chose to decommission its infrastructure after having stolen millions from an affiliate that had recently carried out an attack on an American healthcare services provider.
Of the 169 total global ransomware attacks on industrial organisations and infrastructure recorded in Q1 of 2024, Dragos’ research revealed that over 45% were in North America, with 30% affecting Europe and 11% touching Asia. Manufacturing bore the brunt of these attacks, suffering 63% of all incidents. This figure far outstripped the 15% of incidents occurring within the transportation sector and the 12% happening in the industrial control systems equipment and engineering sector.
The Lockbit 3.0 group was identified as the instigator of most attacks against industrial organisations, being responsible for 27% of observed ransomware events. The 8base ransomware group was accountable for 14% of incidents, with Hunters International causing 10%. Interestingly, there were 12 groups that Dragos believed had been active in Q4 of 2023 but were not evident in Q1 of 2024.
Moving forward, Dragos predicts that the ransomware threat landscape will continue to evolve, most likely showing an increase in the release of new variants, as well as a growth in the number of coordinated campaigns targeting industrial sectors. It suggests this evolving strategy is reflective of a worrying trend within the ransomware landscape. Here, the impact of such attacks can extend beyond data loss and financial costs to directly threaten the operational integrity of targeted organisations.
About Author
