Report: Ransomware Decreased by 13% in August
Industrial Automation Systems Remain a Prime Target
Ransomware attacks have stayed below 500 for five consecutive months, highlighting ongoing cyber risks for industrial automation. August recorded 328 incidents, a 13% decrease from July. However, these numbers remain comparable to the same period last year, signaling that PLCs, DCS, and control systems still face persistent threats.
Top Affected Sectors in Factory Automation
The industrial sector suffered most in August, with 121 attacks, up 10% from July, representing 37% of global incidents. Consumer Discretionary followed with 66 attacks, and Information Technology systems had 31 attacks. Notably, the breach of Miljödata, which manages IT for 80% of Swedish municipalities, disrupted HR operations across 200 local governments, showing how attacks can cascade through automation-dependent operations.
Regional Distribution of Cyber Threats
North America and Europe experienced over 81% of all ransomware events, while Asia accounted for 9% and South America 4%. This distribution reflects where industrial automation and factory automation networks are most concentrated. Organizations in these regions must prioritize cyber resilience, particularly for control systems and PLC networks.
Rising Threat from Qilin and Other Groups
Qilin led ransomware activity in August with 16% of attacks (53 incidents), climbing from joint second place in July. Safepay and Akira also maintained high activity, with 26 and 43 attacks, respectively. These organized groups increasingly target industrial automation infrastructure, demonstrating sophisticated planning and coordination.
Collaborative Attacks Using Ransomware-as-a-Service (RaaS)
Scattered Spider exemplifies the trend of collaboration by leveraging RaaS operators like ALPHV, RansomHub, DragonForce, and Qilin. By outsourcing technical deployment, Scattered Spider focuses on advanced social engineering, increasing disruption across factory automation and control systems. Such alliances allow attackers to maintain operations even if law enforcement disables one group. Therefore, companies must consider coordinated threat scenarios when designing PLC and DCS security measures.
Geopolitical Tensions Influence Cyber Risks
Global trade friction, including US tariffs on Indian imports, may indirectly fuel cybercrime. Historically, industrial threat actors exploit political volatility to target international supply chains. Industrial automation networks, including factory control systems, remain vulnerable to attacks leveraging these geopolitical gaps.
Expert Insights on Cybersecurity in Industrial Environments
Matt Hull, Head of Threat Intelligence at NCC Group, emphasizes: “Even as monthly attack volumes appear moderate, the complexity of collaborative ransomware activity demands robust cyber resilience. Industrial automation systems require proactive defenses, integrating PLC, DCS, and factory network protections.” Implementing continuous monitoring and employee awareness programs can reduce operational risks.
Application Scenarios in Industrial Automation
Industrial facilities can adopt layered cybersecurity measures for PLCs and DCS networks. This includes network segmentation, endpoint monitoring, and secure remote access protocols. Factories employing automation should also integrate incident response drills, simulating ransomware attacks to ensure operational continuity.
Report: Ransomware Decreased by 13% in August