ICS/OT Ransomware – Dragos’s Most Recent Industrial Ransomware Analysis: Q2 2024

There was a notable rise in ransomware attacks targeting industrial organizations in the second quarter of 2024 compared to the prior quarter according to the “Dragos Industrial Ransomware Analysis: Q2 2024” report. The report highlights a significant resurgence in threat actor activity, with large ransomware groups such as Royal ransomware and the Knight groups, rebranding as BlackSuit and RansomHub, respectively. Despite a drop in both the volume and impact of attacks in Q1 – following law enforcement crackdowns on BlackCat and LockBit – Q2 saw the number of attacks nearly double from 169 incidents to 312.

Dragos indicates that 29 out of the 86 ransomware groups known to target industrial organizations remained active in the second quarter, reflecting an increase from the 22 groups that conducted attacks in the first quarter. Most of the reported ransomware attacks focused on industrial organizations in the United States and Europe, with the manufacturing sector remaining the primary target.

Dragos “assesses with moderate confidence that the ransomware threat landscape will continue to evolve, characterized by the introduction of new ransomware variants and increasingly coordinated campaigns targeting industrial sectors. Despite significant law enforcement actions, the observed resilience and adaptability of ransomware groups indicate a likely continuation of this trend.” Access the full report at Dragos, and for more analysis, visit SecurityWeek.