The second quarter of 2023 proved to be an exceptionally active period for ransomware groups, with ransomware attacks increasing by 18% on the previous quarter, according to analysis by cyber security specialist Dragos.

Dragos identified 254 ransomware incidents in the second quarter of 2023. Dragos analyses ransomware variants impacting industrial organisations worldwide and tracks ransomware information via public reports and information uploaded to or appearing on dark web resources. In Q2, Dragos tracked the activity of 33 ransomware groups, compared to 20 in Q1.

The research shows that 70% of all alleged ransomware attacks impacted the manufacturing sector (177 total incidents), while 47.5% of the 253 ransomware alleged attacks recorded globally impacted industrial organisations and infrastructure in North America, for a total of 120 incidents: an increase of approximately 27% over the number reported last quarter for North America.

The industrial ransomware incidents that Dragos tracked last quarter impacted 20 unique manufacturing subsectors. At the top of the list, equipment manufacturing had around 15% (26 attacks).

Analysis of ransomware data shows Lockbit 3.0 was responsible for 19% of the total alleged ransomware attacks, accounting for 48 incidents, nearly a 38% decrease compared to the incidents in the last quarter.

Dragos added that it assesses with high confidence that ransomware will continue to disrupt industrial operations, whether through the integration of operational technology (OT) kill processes into ransomware strains, flattened networks allowing ransomware to spread into OT environments, or precautionary shutdowns of production by operators to prevent ransomware from spreading to industrial control systems.