Connect with us

Hi, what are you looking for?


Conti, LockBit most active ransomware targeting industrial sector

Circuit Board

Conti, LockBit most active ransomware targeting industrial sector

Ransomware attacks extended into the industrial sector last year to such a degree that this type of incident became the number one threat in the industrial sector.

Two ransomware groups, LockBit and Conti, have been most active compromising organizations with an Industrial Control System (ICS)/Operational Technology (OT) environment in 2021.

Ransomware threat is frequent in the manufacturing sector

A report today from industrial cybersecurity company Dragos highlights that the industrial sector has become a more attractive target for both financially motivated adversaries and actors linked to state-sponsored groups.

Monitoring the threat activity in the industrial sector last year, the company discovered a jump in ransomware incidents targeting ICS/OT networks.

According to Dragos’ findings, the most common targets for ransomware groups were in the manufacturing sector, with 211 attacks accounting for 65%, followed by 35 successful compromises of companies in the food and beverages business, and 27 attacks against entities in the Transportation sector.

Ransomware ICS Dragos

The researchers note that the manufacturing vertical is the most exposed to attacks because this “sector is often the least mature in their OT security defenses.”

An overview of the security of these companies reveals a troubling trend, the researchers say based on data collected during customer engagements

Advertisement. Scroll to continue reading.

Many organizations have very limited visibility into the infrastructure, fail to properly segment network perimeters, have many devices with an external connection, and a large percentage of shared credentials between the enterprise network (IT) and the OT environment

OT security issues Dragos

The problems above lay the ground for successful attacks, allowing threat actors to pivot from the IT network into the OT segment, even if breaching the latter is not the main goal.

This allowed the ransomware threat to become the number one cause for compromises in the industrial sector, the researchers note in the report.

“While ransomware mainly targets enterprise IT systems, there are a number of instances when it does impact OT directly and in integrated IT and OT environments” – Dragos

After gaining access to the IT network to execute the ransomware component, adversaries can move laterally into OT systems, allowing them to ask for larger ransoms by causing a more damaging impact.

LockBit and Conti attacks in ICS sector

Of the ransomware groups attacking the industrial infrastructure, LockBit and Conti are by far the most active, accounting for 51% of the incidents.

RansomwareICS Dragos

According to Dragos, the two ransomware groups are responsible for 166 attacks on companies in the ICS sector, LockBit accounting for 103 incidents and Conti for 63.

In 70% of all the ransomware incidents that Dragos analyzed, the targets were in the manufacturing sector, the most affected subsectors being metal products, automotive, plastics, technology, and packaging.

RansomwareICS breakdown Dragos

Ransomware threats are not showing any decline, despite governments prioritizing law enforcement efforts to bring ransomware-as-a-service (RaaS) operators and their affiliates to justice.

Dragos has high confidence that this threat will keep disrupting industrial operations and OT environments in 2022 because of either of the following three factors:

Advertisement. Scroll to continue reading.
  • Actors integrate OT kill processes into ransomware payloads
  • Operators shutting down OT environments to prevent ransomware from spreading to the OT systems from the IT network
  • Adoption of the simplified flat network design to lower cost and maintenance effort by reducing the number of routers and switches, which leads to a less secure environment due to lack of segmentation

Click to comment

Leave a Reply



Calm, the meditation and relaxation tech startup featuring a medley of celebrity voices, has laid off a fifth of its staff. The company is...


Placeholder while article actions load The de facto leader of Samsung received a presidential pardon on Friday, wiping clean the billionaire scion’s criminal record...


COVINGTON, Ga. — One area team opened a new season with a win while the other began with a loss. Social Circle downed Newton...


The power of TikTok was on full display this week after a Houston woman went viral for rescuing a puppy discovered hidden in piles...

Online Business Success

A pump is seen at a gas station in Manhattan, New York City, US, on August 11, 2022. — Reuters Brent crude futures were...


Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here. Can AI-driven fitness...


You May Also Like


Introductions get a lot of attention. I’ve explored the topic of how to write them even though as a reader, I always skip them....

Online Business Success

The internet is now our nervous system. We are constantly streaming and buying and watching and liking, our brains locked into the global information...

SEO Guide

There are all kinds of pictures of the world on the internet, but to find one of these specific pictures that you want to...

Online Business Success

You can think of link building in many ways. I like to call it tedious, painful, and a test of patience. It’s also necessary...