How the threat landscape is changing and what new tactics cybercriminals are using
The threat posed by ransomware continues to grow—not only in terms of frequency, but also in terms of strategy. While cybercriminals used to rely primarily on financial extortion, the new Dragos Industrial Ransomware Report for Q3 2024 shows that targeted operational sabotage is playing an increasingly significant role. Industrial companies are particularly affected, facing massive production outages and security risks as a result of these attacks.
In the third quarter of 2024, Germany was among the hardest-hit countries in Europe. Attacks on companies in the manufacturing, transportation, and technology sectors are particularly concerning, as they directly impact critical infrastructure.
Ransomware Attacks Worldwide – Statistics and Trends
According to the Dragos Report, the geographic distribution of ransomware attacks in the third quarter of 2024 was as follows:
- North America: 304 attacks (55% of all ransomware attacks worldwide)
- Europe: 119 incidents (22%), particularly in Germany, Italy, and the United Kingdom
- Asia: 66 incidents (12%), primarily targeting government operations and transportation systems
- Middle East: 18 incidents (3%)
- Oceania: 12 incidents (2%), particularly in Australia and New Zealand
- Africa: 8 incidents (1.5%)
Cyberattacks are a cause for concern, particularly in industrialized nations and critical sectors. Germany remains a prime target for attacks on manufacturing and technology companies.
New Tactics Used by Ransomware Groups
Cybercriminals are constantly adapting and developing new strategies to make their attacks even more effective. The Dragos Report highlights three key trends:
1. Targeted operational sabotage
- Ransomware attacks are increasingly targeting companies with low tolerance for downtime.
- Although no direct attacks on Operational Technology (OT) were detected, IT attacks led to massive production delays.
2. Vulnerabilities in VPNs and remote access systems
- VPN vulnerabilities and weak login credentials are among the main attack vectors.
- About 30% of ransomware attacks in Q3 2024 were attributable to poorly managed VPN or remote access systems.
3. New and established ransomware groups continue to evolve
- RansomHub: The most active ransomware group, with 90 attacks worldwide in Q3 2024, particularly targeting industrial companies.
- Lockbit 3.0: Despite 78 documented attacks, the group is losing influence due to law enforcement actions.
- Eldorado and Play: These new groups are increasingly targeting virtual network applications and remote services.
From Extortion to Sabotage – The New Ransomware Strategy
While the focus used to be purely on ransom demands, a significant shift is now evident:
🔹 Ideological motives are gaining prominence
🔹 Targeted attacks on critical infrastructure and industrial companies
🔹 Ransomware groups are relying on combined attacks—encryption and sabotage
This shift significantly increases the risk for companies, as attacks not only cause financial damage but can also paralyze entire production lines or create safety risks for employees.
How Companies Protect Themselves Against Ransomware Attacks
Companies should increase their investment in their cybersecurity strategy. This includes:
✔ Strong access controls & MFA – multi-factor authentication for all sensitive access points
✔ Regular security updates & patch management – especially for VPNs and remote access services
✔ Network segmentation & zero-trust security – minimizing the attack surface
✔ Security awareness training for employees – protection against phishing and social engineering
✔ Backup strategy & disaster recovery plan – for rapid recovery after attacks
In light of the growing threat of ransomware attacks, companies must proactively adapt their cybersecurity measures to detect and stop attacks early on.