Companies Focus on Fraud Prevention as Industrial Ransomware Attacks Jump 87%

Cyberattacks on industrial businesses skyrocketed last year amid a rise in criminals selling ransomware services.

That’s according to a new report from cybersecurity firm Dragos, which cites political tensions in places like Russia and Ukraine and the growth of ransomware-as-a-service (RaaS) as reasons for the 87% spike in attacks on industrial targets.

“Manufacturing claimed the highest share, a staggering 72 percent, but ransomware attacks spanned many industries, including food and beverage, energy, pharmaceuticals, oil and gas, water, mining, and metals,” Dragos said on its blog Wednesday (Feb. 14).

This comes as new PYMNTS data shows most companies across all business sectors are making digital fraud prevention and risk management solutions a top priority.

As reported here last year, sales of RaaS to would-be thieves with no technical background has allowed ransomware professionals to operate more like legitimate businesses.

Criminals essentially purchase subscription-based/pay-for-use malware and can use it to shut down major businesses or industrial operations.

“There are also consultants for hire to gather intel on potential victims, determine realistic demands and act as negotiators between victims and thieves,” PYMNTS wrote.

The Dragos report also points to the rise of the hacker group Lockbit as a cause of industrial ransomware attacks. 

“The Lockbit ransomware group accounted for the largest number of ransomware incidents that targeted industrial organizations and infrastructures in the last year, at 28 percent,” Dragos said.

The report adds that Dragos “assesses with moderate confidence” that Lockbit will continue to pose a threat to the industrial sector this year, “whether through the Lockbit gang itself, or others creating their own version of Lockbit ransomware.”

Dragos’ assessment echoes comments last month by Hanah-Marie Darley, head of threat research at the U.K.-based cybersecurity firm Darktrace, who called LockBit “one of the largest and most prolific ransomware gangs in operation.”

Speaking with PYMNTS via email, Darley noted that the group’s targets have gone beyond industrial operations. Most of its victims have been financial institutions, but the last 18 months have seen it go after the French Justice Department, the U.K. Girl Guides charity and the German pension manager Heubeck AG.

In addition, she added that “a key, wider trend at play here is the commoditization of cyber-crime, as seen with [ransomware-as-a-service].”

Instead of the LockBit threat coming from a distinct group of individuals, Darley further explained that the malware is sold off to the highest bidder, making it harder to find the specific actor behind any given attack.

The Dragos report follows an analysis in November from the Financial Crimes Enforcement Network (FinCEN) that found that the number of ransomware attacks reported by financial institutions and occurring in 2021 was double the previous year.

The number shot up 108% from 602 in 2020 to 1,251 in 2021, FinCEN said, noting that the dollar amounts involved in those incidents climbed from $527 million in 2020 to $886 million in 2021, a 68% increase.