Ransomware groups continued to target industrial organizations and infrastructures and disrupt operational technology (OT) operations in the second quarter of 2022, according to industrial cybersecurity firm Dragos, Inc.
In May of 2022, electronics manufacturer Foxconn was hit by Lockbit 2.0 ransomware, resulting in over 1,200 servers in one of the company’s factories in Mexico becoming encrypted and causing a disruption to the factory’s operation for a couple of weeks. Several ransomware groups, such as Conti and AlphaV, were also noted targeting governmental sectors in Q2.
Dragos observes ransomware groups through publicly disclosed incidents, network telemetry, and dark web postings. Out of the 43 ransomware groups Dragos analyzed, only 23 groups were active during Q2 of 2022.
Dragos also observed 125 ransomware incidents in the second quarter compared to 158 in the last quarter, noting that the reason for the decrease is the shutdown of Conti operations in mid-May; Conti accounted for 25% and 18% of the total ransomware incidents targeting industrial organizations and infrastructures in the last two quarters. Conti shut down its operations two weeks after the U.S. State Department announced rewards for any information about Conti leadership and its affiliates.
Dragos also notes a new ransomware group called Black Basta. Although security researchers still have more to find out about the group, it is speculated that former Conti and REvil group members are running this new ransomware group due to the nature of the operation and the victim selections.
Ransomware by Continent
In Q2, globally, 37% of ransomware attacks targeted industrial infrastructures in Europe. North America came in second with 29%, followed by Asia with 26%, South America with 5%, the Middle East with 3%, and Africa with 1%. Dragos notes that the number of ransomware attacks targeting industrial organizations is still concerningly high.
The manufacturing subsectors that were hit the most with ransomware in Q2 were food and beverage (8%), transportation (5%), pharmaceuticals (4%), and oil and natural gas (2%).
Dragos assesses with high confidence that ransomware will continue to disrupt OT operations in Q3 of 2022. New ransomware groups will appear as either new or reformed entities. With the political tension between Russia and western countries, Dragos also predicts ransomware with highly destructive capabilities will continue to target OT environments.