High-stakes industries make prime targets: The attacks have been spread across 17 countries, with Thailand and the US being the top targets, followed by Venezuela and India. The Gentlemen ransomware group already has a victim count of 27, with manufacturing and construction industries being the key targets, followed by healthcare, insurance, and others. “These sectors are prime targets due to their high-pressure operational environments and data sensitivity,” said Amit Jaju, senior managing director at Ankura Consulting. “Manufacturing and construction have a low tolerance for downtime, making them more likely to pay to restore OT systems. Healthcare, on the other hand, holds valuable protected health information, and the risk to patient safety creates immense pressure to resolve incidents quickly. Insurance is a strategic target, holding aggregated risk data from thousands of other companies, making it a uniquely valuable data repository.” These sectors have large operational footprints, high-value data, complex network environments, and are often under-resourced in cybersecurity relative to their threat exposure. “The complex supply chains with many vendors, shared credentials, and remote access create a broad attack surface. In addition, they usually have thin IT staffing at plants and branch sites,” said Pareekh Jain, CEO at EIIRTrend & Pareekh Consulting.
Conventional defenses aren’t enough: As ransomware actors adapt to bypass defenses, experts acknowledge that conventional endpoint protection is no longer enough. CISOs must focus on multi-layered resilience, emphasizing zero-trust and least-privilege access to restrict lateral movement. “Behavioral monitoring via advanced EDR/XDR solutions is crucial, as static signatures alone are insufficient. Proactive threat hunting, combined with threat intelligence, helps detect early signs of intrusion and ransomware tools,” Rawat said. Strict vendor and patch management reduces exploitable vulnerabilities, while regular incident simulations and tabletop exercises enhance response readiness and uncover security blind spots. According to Jaju, CISOs must focus on achieving network visibility and segmentation. They should deploy NDR tools to detect lateral movement, and aggressively segment networks to contain breaches and prevent attackers from reaching critical assets like OT systems and backups.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4054790/ransomware-upstart-the-gentlemen-raises-the-stakes-for-ot%e2%80%91heavy-sectors.html

