expert
OPINION by ransomware during the fourth quarter of 2023 . The percentage breakdown as a part of all manufacturing incidents is as follows :
• Equipment : 20 % ( 27 incidents )
• Consumer : 12 % ( 16 incidents )
• Metals : 9 % ( 12 incidents )
• Automotive : 8.1 % ( 11 incidents )
• Food and beverage , contraction and chemical : 8 % ( six incidents )
• Pharmaceuticals , electronic and plastic : 4.4 % ( six incidents )
• Packaging and healthcare : 3.7 % ( five incidents )
• Aerospace , glass , agriculture and textile : 2.2 % ( three incidents )
• Rubber , maritime , paper , recycling and semiconductor : less than 1 % ( one incident )
Dragos ’ analysis of numerous ransomware data from the fourth quarter of 2023 indicates that the Lockbit 3.0 group was behind most attacks against industrial organisations , with 25.5 % ( or 52 incidents ) of observed ransomware events . The BlackBasta ransomware was second with 10.3 % ( or 21 incidents ). The following rounds out the observed ransomware group trends for the fourth quarter of 2023 :
• AlphV was responsible for 6.8 % of incidents ( 14 incidents )
• 8Base and Play : 6.3 % each ( 13 incidents each )
• Losttrust was responsible for 5.4 % of incidents ( 11 incidents )
• Noescape was responsible for 4.4 % of incidents ( 9 incidents )
• Akira was responsible for 3.9 % of incidents ( eight incidents )
• Bianlian was responsible for 3.4 % of incidents ( seven incidents )
• Cactus , Inc Ransom , Qilin , Medusablog and Regroup : 2.4 % each ( five incidents each )
• Cl0p and Knight : 1.9 % each ( four incidents each )
• Meowleaks was responsible for 1.4 % of incidents ( three incidents )
• Lorenz , Metaencryptor , Money Message , Rhysida , Snatch and Trigona : less than 1 % each ( two incidents each )
The remaining ransomware groups were responsible for 1 % or less of incidents .
The groups that Dragos observed in the third quarter but not in the fourth quarter of 2023 are as follows :
• Cloak • Ciphbit
• Rancoz • Ransomed
• Mallox • Everest
• Cuba
Dragos observed the following ransomware groups for the first time in the fourth quarter of 2023 :
• Knight • Meowleaks
• Threeam • Losttrust
• Metaencryptor • Moneymessage
It is still being determined whether these new groups are in fact new or if they are reformed or rebranded from other ransomware groups .
Final words
Looking forward , Dragos assesses with moderate confidence that the ransomware threat landscape will continue to evolve and marked by the emergence of new ransomware variants . These developments are expected as ransomware groups strive to refine their attack methodologies , likely keeping zero-day vulnerabilities as a key component in their operational toolkit .
Additionally , Dragos assesses with low confidence that ransomware groups may increasingly develop and deploy ransomware specifically designed to disrupt Operational Technology ( OT ) processes . This potential shift in focus towards OT processes could be driven by the continuous attempts of ransomware groups to exert greater pressure on victims to pay ransoms . By targeting critical OT processes , these groups could significantly amplify the impact of their attacks on industrial organisations . Such disruptions would not only affect operational capabilities but also compromise safety , thereby increasing level of urgency and potentially compelling victims to meet ransom demands more readily .
This evolving strategy reflects a concerning trend in the ransomware landscape , where the consequences of attacks extend beyond data loss and financial impact to directly threaten the core operational integrity of targeted organisations .
Get your copy of the 2023 Year in Review
For a complete analysis of 2023 ransomware activity affecting industrial and critical infrastructure , download your free copy of the 2023 OT Cybersecurity Year in Review : https :// www . dragos . com / otcybersecurity-year-in-review /
WWW . INTELLIGENTCISO . COM 43