Ransomware attacks targeting industrial organizations and infrastructure have doubled since the second quarter of 2022, according to a report from industrial cybersecurity firm Dragos. In the second quarter of 2023, Dragos observed 253 ransomware incidents, marking an 18% increase from the first quarter of 2023, which had 214 attacks. The rise in attacks is attributed to ransomware revenue plunging in 2022 as more victims refused to pay up.
Dragos predicts that the third quarter of 2023 will witness increased business-impacting ransomware attacks against industrial organizations due to political tensions and ransomware groups shifting their focus towards larger organizations.
North America is the most affected region, followed by Asia. The manufacturing sector remains the most targeted, with industrial control systems (ICS), transportation, and oil and gas sectors also experiencing significant attacks. Among the monitored ransomware groups, LockBit, Alpha V, and Black Basta are the most active in launching attacks.
Carol Volk, EVP, BullWall leads with is comment:
“Industrial sector organizations must prioritize cybersecurity by strengthening defenses with advanced protection tools, network segmentation, regular data backups and for the inevitable breach, ransomware containment. Educating employees about cybersecurity risks, collaborating with reputable cybersecurity firms, and fostering cooperation among governments and industries for threat information sharing are crucial steps.”
Emily Phelps, Director, Cyware follows with this comment:
“Ransomware attacks can devastate organizations. Adversaries don’t only outnumber cybersecurity pros; they collaborate effectively too. To mitigate the potential damage, enterprises should have preparations that enable them to maintain business continuity in case of an attack.
“Organizations should regularly back up and test data and systems on an air-gapped network or at least on a network not constantly connected to the internet; segment their environments to contain outbreaks; regularly patch and update systems, applications, and software; invest in regular security awareness training so employees are armed to recognize and avoid common threat tactics; and invest in context-rich threat intelligence that enable security teams to proactively identify and prioritize threats that are more likely to impact their business.”
Finally Stephen Gates, Principal Security SME, Horizon3.ai:
“Simply put, attackers who gain remote access to any internal computing device are the primary threat industrial organizations face. Once an attacker achieves access, they use it to take over networks and ransom critical systems.
“In comparison to a natural disaster, fire, or other similar incident, a cyber event like ransomware that halts production is just as critical to plan for, especially in terms of risk management and business continuity.
“The most effective way to defeat ransomware-based attacks is to continuously assess your own infrastructure, find the attack paths an attacker would take, and then fix those issues and validate that your fixes defeated the discovered attack paths. Once complete, you rinse and repeat the process regularly to discover new attack paths. No other defensive or offensive method of reducing the risk of ransomware will be as effective as the method explained here.”
Clearly the threat actors are moving to attack sectors where they think they will get paid. The best way to stop that from happening is to make every sector as difficult to breach as possible. That way the threat actors have less opportunities for a big payday.