Resecurity: Nuclear energy, oil and gas are top targets for ransomware groups in 2024

Resecurity, Inc., based in the United States, safeguards the world’s foremost financial giants and governmental bodies, revealing an astonishing surge in the number of ransomware operators targeting the energy sector, including nuclear facilities and associated research entities. Last year, ransomware assailants turned their focus to energy infrastructures across North America, Asia, and the European Union. According to the Business Journal, the European Union witnessed more than a doubling of ransomware attacks on the energy sector in 2022, with 21 incidents recorded by October.

Delving into the nuances of ransomware trends cited in the latest Homeland Threat Assessment by the U.S. Department of Homeland Security, Resecurity’s research illuminates this unique landscape. The Department’s report notes, “Between January 2020 and December 2022, the number of known ransomware attacks in the United States increased by 47 percent.” Furthermore, the agency highlighted that “ransomware attackers extorted at least $449.1 million globally during the first half of 2023 and are expected to have their second most profitable year”

Results from the “leaks” command on the Akira ransomware’s TOR site.

The escalation of ransomware attacks targeting the energy sector and critical infrastructure is an alarming trend that cannot be overlooked. With sophisticated entities like BlackCat/ALPHV, Medusa, and LockBit 3.0, among at least a dozen others, intensifying their focus on these high-risk targets, the threat landscape grows increasingly perilous. These threat actors are not acting in isolation; they are bolstered by a thriving ecosystem comprising underground access brokers and tool developers, providing the necessary leverage for penetrating and exploiting fundamental systems within critical infrastructures.

The collaboration between these groups and individual actors underscores the strategic significance of the energy industry, perceived as a goldmine of high-value data, with certain instances of ransom demands exceeding $5,000,000. Resecurity has identified multiple attacks on nuclear operators, a realm of paramount concern for national security.

Looking ahead to 2024, Resecurity analysts anticipate a significant growth in targeted cyber threats, particularly with ransomware groups increasingly prioritizing high-value targets within the energy sector and its supply chain.