The number of ransomware attacks targeting industrial
organizations and infrastructure has doubled since the second
quarter of 2022, according to data from industrial cybersecurity
firm Dragos.
In a report analyzing data
from the second quarter of 2023, Dragos said it saw 253 ransomware
incidents, up 18% from the first quarter of
2023, when it observed 214 attacks.
The company saw 189 ransomware incidents in the last quarter of 2022,
a 30% increase from the 128 incidents in the third quarter of
2022. In the second quarter of 2022, the number dropped to 125
from 158 incidents in the first quarter. The drop was attributed at
the time by Dragos to the shutdown of the Conti
operation.
Dragos has blamed the surge in attacks on ransomware revenue
plunging in 2022 as more victims refused to pay up.
“Dragos assesses with moderate confidence that the third quarter
of 2023 will witness increased business-impacting ransomware
attacks against industrial organizations for two reasons. Firstly,
the prevailing political tension between NATO countries and Russia
motivates Russian-aligned ransomware groups to continue targeting
and disrupting critical infrastructure in NATO countries,” Dragos
said.
“Secondly, as the number of victims willing to pay ransoms
diminishes, RaaS groups have shifted their focus towards larger
organizations, resorting to widespread ransomware distribution
attacks to sustain their revenues,” it added.
Nearly half of the ransomware attacks observed by the security
firm hit organizations and infrastructure in North America,
followed at a distance by Asia.
Half of the 66 ransomware groups monitored by Dragos launched
attacks in Q2 2023, with the most active being LockBit, responsible
for 48 incidents, followed by Alpha V, with 31 incidents, and Black
Basta, with 26 incidents.
