Latest News

Dragos: Global ransomware attacks on the industrial sector down 17% in Q1 2024

Decrease attributed to increased law enforcement actions dismantling ransomware operations and many ransomware groups now targeting the healthcare industry

London, 1 May 2024 – New research from Dragos, the global leader in cybersecurity for operational technology (OT) environments, has revealed there was a 17% drop in number of attacks on the industrial sector in Q1 2024, yet ransomware remains the foremost widespread cybersecurity threat impacting industrial organizations worldwide.

This downturn is attributed to a significant increase in law enforcement actions dismantling ransomware operations and apprehending the individuals involved, and a shift in focus by ransomware groups towards the healthcare sector since early 2024.

Notably, an extensive international law enforcement collaboration led to the dismantling of the Lockbit ransomware group, one of the most prominent and widely recognized groups in the cybercrime arena. Concurrently, the Alphv/Blackcat group, another prominent player in the ransomware ecosystem, initiated a surprising self-decommission of its infrastructure after stealing millions of dollars from an affiliate that recently attacked an American healthcare services provider.

Dragos’ research revealed that 83 of the 169 global ransomware attacks on industrial organizations and infrastructure in Q1 2024 were in North America – over 45% of all incidents. 30% of attacks impacted Europe and 11% impacted Asia. Manufacturing was the most impacted industry, with 63% of all incidents – ahead of 15% of incidents in the transportation sector and 12% in the industrial control systems equipment and engineering sector.

The Lockbit 3.0 group was behind the most attacks against industrial organizations, with 27% of observed ransomware events. The 8base ransomware was responsible for 14% of incidents, and Hunters International responsible for 10%. There were 12 groups that Dragos expected undertook attacks in the fourth quarter of 2023, but not in the first quarter of 2024.

Looking forward, Dragos assesses with moderate confidence that the ransomware threat landscape will continue to evolve, likely characterized by the introduction of new variants and an increasing number of coordinated campaigns targeting industrial sectors. This evolving strategy reflects a concerning trend in the ransomware landscape, where the consequences of attacks extend beyond data loss and financial impact to directly threaten the core operational integrity of targeted organizations.
You can learn more about the five critical controls by downloading our guide, “5 Critical Controls for World-Class OT Cybersecurity.”


About Dragos
Dragos has a global mission to safeguard civilization from those trying to disrupt the industrial infrastructure we depend on every day. The Dragos Platform offers the most effective industrial cybersecurity technology, giving customers visibility into their ICS/OT assets, vulnerabilities, threats, and response actions. The strength behind the Dragos Platform comes from our ability to codify Dragos’s industry-leading OT threat intelligence, and insights from the Dragos services team, into the software. Our community-focused approach gives you access to the largest array of industrial organizations participating in collective defense, with the broadest visibility available.

Our solutions protect organizations across a range of industries, including electric, oil & gas, manufacturing, building automation systems, chemical, government, water, food & beverage, mining, transportation, and pharmaceutical. Dragos is privately held and headquartered in the Washington, DC area with regional presence around the world, including Canada, Australia, New Zealand, Europe, and the Middle East.