Date: 2025-02-25

Ransomware attacks against industrial organizations are up 87% year over year, according to Dragos' "Year in Review" report for 2025.

The report, published Tuesday, is Dragos' eighth annual publication, in which it presents operational technology (OT) and industrial control system (ICS) security findings from the previous year. Dragos obtained the report's data through a combination of research, incident response engagements, threat hunting and telemetry discovered through the vendor's security platform.

The industrial security space faces a set of particular challenges, as many of the organizations that require OT and ICS systems are in critical infrastructure sectors, such as water and power, or are important parts of the supply chain like manufacturing. Because of the high-stakes status of such organizations -- and because many, particularly smaller, industrial organizations struggle to stay on top of vulnerability management -- OT/ICS has become an increasingly popular target for threat actors. As such, Dragos' latest report focuses in large part on topics like vulnerability management and ransomware.

In addition to an 87% increase in attacks last year, Dragos saw a 60% jump in ransomware groups targeting OT and ICS, from 50 groups in 2023 to 80 in 2024.

Dragos observed an increase in threat actors using remote tools and services like VPN appliances to gain initial access to victim networks, "taking advantage of the lack of basic network security defense principles," the report read. For example, the vendor noticed significant differences in outcomes between ransomware victims that enforced strict network segmentation versus those that did not.

"Of the ransomware incidents Dragos responded to in 2024, victim organizations that enforced strict network segmentation between IT and OT systems and conducted offline backup testing significantly shortened the recovery times and avoided paying the ransom," the report read. "Conversely, organizations that did not employ network segmentation and had poorly secured remote access pathways led to more lengthy recovery times, more involved incident response efforts, more severe production downtime, and increased remediation costs."