Industrial firms experienced an increase in ransomware attacks during the second quarter of 2024.

According to Dragos, an industrial cybersecurity consultancy, the number of ransomware attacks on industrial enterprises increased significantly from the first to the second quarter of 2024.

The number of ransomware groups targeting industrial enterprises increased from 22 in

the first quarter to 29 in the second quarter, according to the company's Industrial Ransomware Analysis Report for Q2 2024.

After law enforcement cracked down on big ransomware operations like BlackCat and LockBit in Q1 2024, the number and effect of attacks decreased.

With these and other groups adjusting and "recalibrating" their tactics, the number of attacks nearly quadrupled in Q2 compared to Q1 — going from 169 occurrences to 312 incidents.

As Dragos pointed out, two ransomware groups have changed their names: one is now known as BlackSuit and the other is RansomHub. The two gangs reemerged using modern strategies and methods.

The majority of the ransomware attacks that Dragos detected were directed towards industrial enterprises in Europe and the US. The manufacturing sector remains the most targeted.

The top five most attacked teams were LockBit (66 occurrences), Play (31 incidents), BlackBasta (27 incidents), 8Base (22 incidents), Akira (20 incidents), and BlackSuit (20 incidents).

It's worth mentioning that there are others who doubt LockBit's comeback, bringing up the possibility that the hackers may have exaggerated their figures in the second quarter to minimize the effect of the law enforcement operation.

Though no ransomware attacks targeting ICS or OT processes were detected by Dragos, ransomware gangs have nonetheless managed to damage industrial businesses' IT systems. Dragos pointed out that OT network disruptions have happened, mostly as a result of the interdependencies between OT and IT systems.

The business believes, with moderate certainty, that new ransomware variants will emerge and that coordinated attacks targeting industrial sectors will become more commonplace in the future of ransomware threats. This trend is likely to continue, given the demonstrated persistence and adaptability of ransomware groups, despite major steps taken by law enforcement.