Ransomware groups are continuing to target the industrial sector at an increasing rate and new ransomware gangs are emerging, threatening to push the rate of attacks up even higher, according to Drago’s most recent third quarter Industrial Ransomware Analysis report.

Dragos tracks the activities of 48 different ransomware groups that target industrial organizations and infrastructure. In the third quarter of 2022, only 25 of the 48 groups actively targeted industrial organizations. Dragos observed 128 ransomware incidents in the third quarter of 2022 compared to 125 in the previous quarter. Of the 128 attacks, 36 percent (46 incidents) occurred against industrial organizations in North America. Notably, according to Dragos, “the percentage of reported cases in North America jumped to 36 percent compared to 26 percent in the last quarter. The increase in ransomware activities in North America could be tied to the current global political and economic situations.”

Furthermore, the Lockbit ransomware family was the most active group during the quarter, accounting for 35 percent (45 incidents) of the total ransomware incidents. The Black Basta group was the second most active family, responsible for 11 percent of attacks (16 incidents), while Hive was third with 7 percent of observed attacks (9 incidents). In addition, data from the report indicates the Ragnar Locker gang has been targeting mainly the energy sector and the group Cl0p Leaks has been targeting only the water and wastewater sector. For the last quarter of this year, Dragos assesses with high confidence “that ransomware will continue to disrupt industrial operations, whether through the integration of OT kill processes into ransomware strains, flattened networks allowing for ransomware to spread into OT environments, or through precautionary shutdowns of OT environments by operators to prevent ransomware from spreading to OT systems.” Access the full report at Dragos.