Dragos Industrial Ransomware Analysis: Q4 2023
ID: 6232812a-5cd0-5957-96d6-cfdfdd88e886
STIX ID: report--6232812a-5cd0-5957-96d6-cfdfdd88e886
Feed Name: Dragos Blog
Executive summary: Dragos' Q4 2023 ransomware assessment reports 204 observed global ransomware incidents affecting industrial organizations, with manufacturing the most impacted sector. LockBit 3.0 led activity (25.5% of incidents), followed by BlackBasta and AlphV. Groups increasingly used techniques such as remote encryption and exploited zero-day vulnerabilities (e.g., Citrix Bleed, CVE-2023-4966). High-impact events included disruptions to automotive supply chains (Qilin attack on Yanfeng) and notable law enforcement successes (arrests, infrastructure takedowns, and an FBI decryption tool that aided ~500 victims). Dragos warns of evolving tactics and a possible future focus on OT disruption.
