Dragos Industrial Ransomware Analysis: Q4 2024
ID: 5d367130-1b74-5f92-b38e-888c0cbbc057
STIX ID: report--5d367130-1b74-5f92-b38e-888c0cbbc057
Feed Name: Dragos Blog
Dragos' Q4 2024 ransomware landscape describes an increasingly fragmented and dynamic ransomware ecosystem targeting industrial organizations, where RaaS operators and newly rebranded groups leverage exploited vulnerabilities (Veeam, Cleo, VPNs, firewalls, backup solutions), living-off-the-land techniques, cloud-based exfiltration, and RMM tools to cause operational disruptions. The report documents high-impact incidents (e.g., RECOPE, Stoli Group, Pittsburgh Regional Transit), sectoral concentration in manufacturing and transportation, regional distributions (North America dominant), and recommends mitigations such as MFA, offline backups, hardened remote access, personnel training, and threat intelligence sharing.
