Increasing frequency, new threat groups emerging, the rise of ransomware-as-a-service (RaaS) attack model, and third-party attacks are just a few of the dangerous trends Trustwave SpiderLabs details in Energy and Utilities Sector Deep Dive: Ransomware Trends.
This report supplements the just released 2025 Trustwave Risk Radar Report: Energy and Utilities Sector. This broader and more comprehensive report analyzes the energy and utilities sector’s major threats and trends.
As noted in the report, criminals are often at the forefront of trying new ideas to obtain their nefarious goals. This process is particularly true when it comes to the energy and utilities sector because the potential financial payout from a successful attack can be massive. Or, if a group is motivated by other factors, say inflicting damage on an enemy, then taking down an organization in this sector would be of prime importance.
New Faces, Old Threats
Trustwave SpiderLabs tracked an 80% increase in ransomware attacks in 2024, compared to the prior year in this sector, with spikes occurring at the end of 2023 and the first half of 2024.
The latter half of 2024 did see a decline in the number of attacks. During the same period, Trustwave SpiderLabs noted the threat groups conducting the majority of the attacks switched from LockBit to Hunters International and Qilin.
A US-UK law enforcement action did disrupt LockBit’s operation in February 2024.
The report covers the increasing role RaaS plays and its ability to give low-tech criminals the tools to conduct sophisticated attacks.
The report also noted how threat groups increasingly target suppliers and service providers fundamental to the energy and utilities sector. This shift in targeting is partially due to third-party organizations often having less experienced cyber defenses and, thus, are more susceptible to attack.
Mitigations
The report concludes with a list of mitigations energy and utility companies can undertake to boost their security levels. These include implementing multi-factor authentication, employee training, complying with regulatory standards, and having a robust software patching plan.
Please download this companion report along with the following:
