The ransomware shake-up of 2024, fueled by law enforcement crackdowns on giants like LockBit, has shifted focus to critical operations, with major attacks this year hitting targets like Halliburton, TfL, and an Arkansas water plant.
A Dragos study for the third quarter of 2024 highlighted a surge in activity from new groups like RansomHub, Play, and Fog, all exploiting VPN flaws and stolen credentials to gain footholds in critical systems using various living-off-the-land (LOTL) techniques.
“The shift from traditional financial extortion to operational sabotage, particularly by hacktivist personas, compounds ransomware risks,” said Dragos in a report. “This convergence of motivations further blurs the line between cybercrime and cyberwarfare, requiring enhanced defenses for ICS and OT environments.”