Dragos Measures a 2x Increase in Ransomware Attacks Against Industrial Orgs in Q2 2023

Category: Critical Infrastructure Security | Industries: Aerospace, Automotive, Chemical, Consumer Goods, Construction, Defense, Equipment, Electronic, Food & Agriculture, Healthcare, Maritime, Machinery, Metals, Packaging, Paper, Pharmaceuticals, Plastics, Rubber, Semiconductor, Textiles | Source: Dragos

During the second quarter of 2023, ransomware activity has surged significantly, doubling in attacks as supported by Dragos' tracking data. The quarter two report revealed 253 ransomware incidents, reflecting an 18% increase from the previous quarter. Dragos has been monitoring 66 ransomware gangs, with 30 of them actively targeting industrial organizations. The rise in quarter two attacks can be attributed to the larger number of active ransomware groups, with 33 gangs observed compared to only 20 in the first quarter of 2023.

North America was the most heavily attacked region, accounting for 43% of all attacks, followed by Europe with 30.5% and Asia with 14%. South America recorded 4%, while both Africa and The Middle East measured at 3%. Australia had the lowest figure at 1%. In terms of ICS sectors, attacks were mainly focused on entities in the manufacturing sector, accounting for 70% of incidents. The top subsectors impacted, in order, are equipment, electronics, food & beverage, construction, pharmaceuticals, and consumer goods.

The most prominent ransomware players were Lockbit 3.0, responsible for 19% of attacks (48 incidents), AlphaV, with 12% of attacks (31 incidents), and Black Basta with 10% of attacks (26 incidents). According to Dragos' assessment, ransomware activity is expected to grow in quarter three, as ransomware gangs maintain an aggressive stance for financial gain. The continued tensions between NATO and Russia are also likely to be driving catalysts for ransomware attackers.