Ransomware has become a major threat to the transport sector in the European Union over the past few years. European Cyber ​​Security Agency ENISA expects ransomware groups to prioritize disrupting operating technology systems in the future (OT) in many European countries.

According to new report ENISA, the total number of cyberattacks targeting aviation, maritime, rail and road transport organizations between January 2021 and October 2022 has increased significantly. Moreover, most of the attacks fell on ransomware.

Ransomware attacks compromise target systems, inject malware to encrypt files, often duplicating the original files on their servers, and then demand a ransom in exchange for keys decryption and confidentiality of stolen data.

Incident data collected up to October of last year indicates an increase in reports of ransomware attacks. The total number of ransomware attacks reported in the transport sector has grown from 13% in 2021 to 25% in 2022.

ENISA analysts believe that OT systems in the transport sector will become direct targets of ransomware due to many factors, including the growing number of vulnerabilities in ICS, as well as the significant impact of such attacks on business and society. The critical role of transport infrastructure in the life of countries increases the chances that hackers will be paid the desired ransom.

“Financial gain, operational disruption and espionage were the main identified motives for the observed attacks. The transport sector is considered a lucrative business for cybercriminals as customer data is considered a commodity and contains highly sensitive sensitive information when the transport supply chain is targeted,” ENISA notes.

Aviation was the most targeted sector (accounting for 28% of attacks), followed by road transport (24%), rail transport (21%) and maritime transport (18%).

The main targets of the attacks were transport authorities, railway companies, port operators, airlines, airport operators, ground transport operators. The ENISA report provides a complete breakdown of observed attacks by sector and attacker motive.