ICS/OT Ransomware Impacts to Utilities – Highlights from Dragos ICS/OT Ransomware Analysis: Q1 2022

While Coveware’s recent quarterly report, Ransomware Threat Actors Pivot from Big Game to Big Shame Hunting analyzes the broader ransomware threat picture, Dragos’ quarterly report, ICS/OT Ransomware Analysis: Q1 2022 looks at ICS/OT impacting ransomware. The report supports Dragos’ Q4 2021 assessment that ransomware would continue to disrupt OT operations into 2022 and combined with several globally significant events, indicates that ransomware may even pose a greater risk for operational disruption and impacts than it did last year. While the manufacturing sector took the large brunt of the targeting at 75 percent, food and beverage were a distant second at 6 percent. All other sectors ranged from 4 to 1 percent, including utilities at 2 percent. Likewise, out of the 37 ransomware groups targeting industrial organizations that Dragos monitors, Avos Locker and Blackbyte have been the 2 groups that primarily impact utilities. This year federal partners have posted indicators of compromise and behaviors for both groups. Members are highly encouraged to review those reports (referenced below) for details on detecting and protecting against activity their behaviors. Visit Dragos for more.

References:

• FBI-USSS: Indicators of Compromise Associated with BlackByte Ransomware
• Indicators of Compromise Associated with AvosLocker Ransomware