My TechDecisions

Compliance, IT Infrastructure, Network Security, News

Ransomware Groups Continue to Disrupt Industrial Operational Technology

Dragos observed 125 ransomware incidents targeting industrial OT environments in Q2 compared to 158 in the last quarter.

Leave a Comment

NCC group Ransomware
stock.adobe.com/santiago silver

Ransomware groups continued to target industrial organizations and infrastructures and disrupt operational technology (OT) operations in the second quarter of 2022, according to industrial cybersecurity firm Dragos, Inc.

In May of 2022, electronics manufacturer Foxconn was hit by Lockbit 2.0 ransomware, resulting in over 1,200 servers in one of the company’s factories in Mexico becoming encrypted and causing a disruption to the factory’s operation for a couple of weeks. Several ransomware groups, such as Conti and AlphaV, were also noted targeting governmental sectors in Q2.

Dragos observes ransomware groups through publicly disclosed incidents, network telemetry, and dark web posting. Out of the 43 ransomware groups Dragos analyzed, only 23 groups have been active during Q2 of 2022.

Dragos also observed 125 ransomware incidents in the second quarter compared to 158 in the last quarter, noting the reason for the decrease is the shutdown of Conti operations in mid-May, where Conti accounted for 25% and 18%, of the total ransomware incidents targeting industrial organizations and infrastructures in the last two quarters. Conti shut down its operations two weeks after the U.S State Department announced rewards for any information about Conti leadership and its affiliates.

Dragos also notes a new ransomware group called Black Basta. Although security researchers still have more to find out the group, it is speculated that former Conti and REvil group members are running this new ransomware group due to the nature of the operation and the victim selections.

Ransomware by Continent

In Q2, globally, 37% of ransomware attacks targeted industrial infrastructures in Europe. North America came in second with 29%; Asia with 26%; South America with 5%; the Middle East with 3%; Africa 1%. Dragos notes these ransomware attacks targeting industrial organizations is still concerningly high.

The manufacturing subsectors that were hit the most with ransomware in Q2 were food and beverage (8%), transportation (5%), pharmaceuticals (4%), oil and natural gas (2%).

Looking Ahead

Dragos assesses with high confidence that ransomware will continue to disrupt OT operations in Q3 of 2022. New ransomware groups will appear as either new or reformed entities. With the political tension between Russia and western countries, Dragos also predicts ransomware with highly destructive capabilities will continue to target OT environments.

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Four IT Trends That Will Define 2023
Expert Series: Four IT Trends That Will Define 2023

Learn about four key technologies we identified as critical to your IT organization’s success in 2023, as well as how to invest in new innovations ...

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ