My TechDecisions

Compliance, IT Infrastructure, Network Security, News

Ransomware Groups Continue to Disrupt Industrial Operational Technology

Dragos observed 125 ransomware incidents targeting industrial OT environments in Q2 compared to 158 in the last quarter.

Leave a Comment

Microsoft Fortra healthcare ransomware
stock.adobe.com/santiago silver

Ransomware groups continued to target industrial organizations and infrastructures and disrupt operational technology (OT) operations in the second quarter of 2022, according to industrial cybersecurity firm Dragos, Inc.

In May of 2022, electronics manufacturer Foxconn was hit by Lockbit 2.0 ransomware, resulting in over 1,200 servers in one of the company’s factories in Mexico becoming encrypted and causing a disruption to the factory’s operation for a couple of weeks. Several ransomware groups, such as Conti and AlphaV, were also noted targeting governmental sectors in Q2.

Dragos observes ransomware groups through publicly disclosed incidents, network telemetry, and dark web posting. Out of the 43 ransomware groups Dragos analyzed, only 23 groups have been active during Q2 of 2022.

Dragos also observed 125 ransomware incidents in the second quarter compared to 158 in the last quarter, noting the reason for the decrease is the shutdown of Conti operations in mid-May, where Conti accounted for 25% and 18%, of the total ransomware incidents targeting industrial organizations and infrastructures in the last two quarters. Conti shut down its operations two weeks after the U.S State Department announced rewards for any information about Conti leadership and its affiliates.

Dragos also notes a new ransomware group called Black Basta. Although security researchers still have more to find out the group, it is speculated that former Conti and REvil group members are running this new ransomware group due to the nature of the operation and the victim selections.

Ransomware by Continent

In Q2, globally, 37% of ransomware attacks targeted industrial infrastructures in Europe. North America came in second with 29%; Asia with 26%; South America with 5%; the Middle East with 3%; Africa 1%. Dragos notes these ransomware attacks targeting industrial organizations is still concerningly high.

The manufacturing subsectors that were hit the most with ransomware in Q2 were food and beverage (8%), transportation (5%), pharmaceuticals (4%), oil and natural gas (2%).

Looking Ahead

Dragos assesses with high confidence that ransomware will continue to disrupt OT operations in Q3 of 2022. New ransomware groups will appear as either new or reformed entities. With the political tension between Russia and western countries, Dragos also predicts ransomware with highly destructive capabilities will continue to target OT environments.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ