Report: Increase in ransomware attacks in critical infrastructure, especially in the energy sector


Recent research by the U.S. organization Resecurity found that the number of ransomware attacks on the energy sector in North America and Europe doubled in 2023 compared to the previous year. Germany's Handelsblatt confirmed this increase, reporting 21 recorded attacks on energy companies through October this year alone.

This serious increase in attacks on critical infrastructure organizations cannot be denied, with the researchers noting that some ransomware groups such as BlackCat/ALPHV, Medusa, and LockBit 3.0 are further intensifying their attacks on these 'high stakes targets.' According to the report, these criminal groups do not operate in isolation, but are supported by an entire ecosystem of "access brokers" and "tool developers," who often provide them with access to critical infrastructure organizations as well as the tools to exploit these entry points further in order to attack and encrypt critical systems. According to the U.S. company, this collaboration between criminal groups and individuals particularly reflects the strategic value of attacks on the energy sector, which is considered a gold mine where ransom payments of more than $5 million are no exception.

The rationale behind the attacks on critical infrastructure organizations is that these organizations are becoming increasingly digitized, which increases the attack surface for malicious hackers and gives them more opportunities to penetrate. The energy sector's desire to increase operational efficiency through digitization thus brings lucrative opportunities for cyber criminals.

Another report, from the U.S. Department of Homeland Security (DHS), endorses the above and sees the large return on investment (ROI) for these criminal groups as precisely the reason these ransomware campaigns keep increasing. It also reports a technical refinement of the ransomware itself, such as "intermittent encryption," the use of more modern programming languages, and dual ransomware attacks that include more than one variant. This enables criminals to encrypt systems even faster and reduces the chances of detection.

The researchers ultimately conclude that the threat to critical infrastructure continues to grow and that this sector really needs to work on "strengthening its cyber defenses," with the goal of withstanding increasingly sophisticated cyber attacks in the future.
