Dragos issued its Industrial Ransomware Analysis for Q2 on August 14, 2024. The analysis shows that ransomware attacks significantly increased in Q2, with many ransomware groups disrupted by law enforcement rebranding themselves into new groups. For instance, BlackCat became inactive in March 2024 after being targeted by law enforcement in late 2023 but “recalibrated their strategies, substantially increasing incidents.” In addition, the Knight ransomware group rebranded itself as RansomHub and Royal ransomware was rebranded to BlackSuit.

Critical industrial operations were the prime target of the ransomware groups. According to Dragos, “[T]his quarter saw a significant rise in the frequency and severity of attacks, reflecting the evolving threat landscape and the persistent risk posed by ransomware groups.” The report notes that these attacks have caused significant operational disruptions to this important sector.

For the manufacturing sector, the construction industry was the most affected, representing 67% of all ransomware incidents in Q2. The most prominent culprits were: BlackBasta; 8Base; Akira; BlackSuit; MedusaLocker; Hunters International; Cactus; RansomHub; and Qilin. New threat actors on the scene that attacked victims in Q2 that were not observed in Q1 include: RA Group; Dragonforce; Ransomhouse; Team Underground; Brain Cipher; Red Ransomware; MetaEncryptor; Cloak; D_Nut_Leaks; BlackByte, Everest; and Monti.

The bad news from the report is that ransomware continues to be a significant threat to the industrial sector, and “ransomware groups demonstrated a significant capacity for adaptation, with some groups rebranding and others emerging with new tactics and techniques.” This will lead to “the introduction of new ransomware variants and increasing coordinated campaigns targeting industrial sectors” despite law enforcement disruptions. The battle against ransomware groups and their ever-evolving tactics is far from over. The relentless efforts of staying ahead of these groups is akin to a game of Whac-A-Mole.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.