Ransomware attacks continued to be a significant threat to industrial organizations and infrastructure with threat actors employing old and novel tactics to compromise victims, according to Dragos’ most recent first quarter of 2023 Industrial Ransomware Analysis report.

Twenty of the 61 ransomware groups that Dragos tracks caused significant damage to industrial organizations through the use of continually evolving tactics. During the quarter, two new and significant trends were observed – the use of zero-day vulnerabilities and the exploitation of recently discovered vulnerabilities. Dragos observed a total of 214 ransomware incidents in the first quarter of 2023, a 13 percent increase from the previous quarter, which included twice the number of incidents observed last quarter for North America. Notably, the Clop ransomware group claimed to have used the GoAnywhere zero-day vulnerability (CVE-2023-0669) to impact 130 organizations in February 2023. Additionally, Lockbit 3.0 was responsible for 36 percent of the total ransomware attacks, nearly double the incidents in the last quarter.  

Dragos assesses with high confidence that “ransomware will continue to disrupt industrial operations, whether through the integration of operational technology (OT) kill processes into ransomware strains, flattened networks allowing ransomware to spread into OT environments, or precautionary shutdowns of production by operators to prevent ransomware from spreading to industrial control systems.” Access the full report at Dragos.