I Need IT Support Now
Managed IT Houston Cybersecurity
Shane

Breaking Down the Dragos 2025 OT/ICS Cybersecurity Report: What Houston Energy & Manufacturing Companies Need to Know

Strengthening Industrial Resilience: Key Takeaways from the Dragos Report

Report Findings
Ransomware Against Factories and Utilities Jumped 87% in a Year. Most Attacks Shut Down Operations.

The Dragos 2025 OT/ICS report logged 1,693 industrial ransomware attacks - and three in four that Dragos handled took operations offline. Here is what Houston energy and manufacturing should know.

TL;DR
Dragos, an industrial-cybersecurity firm, released its 2025 OT/ICS report (its 8th annual review of the prior year). The headline: ransomware against industrial organizations rose more than 87%, with 1,693 attacks recorded, and North America absorbed 58% of them. The impact is what stands out - of the ransomware incidents Dragos responded to, 75% caused at least a partial shutdown of operational technology and 25% a full shutdown. Manufacturing was the most-hit sector. Dragos also flagged two new OT threat groups (GRAPHITE and BAUXITE, the latter linked to the pro-Iran CyberAv3ngers), new industrial malware (Fuxnet and FrostyGoop, both tied to the Russia-Ukraine conflict), and that most industrial vulnerabilities sit deep inside networks. For energy and manufacturing, the fix is the SANS ICS 5 Critical Controls: an OT incident-response plan, defensible architecture, OT monitoring, secure remote access, and risk-based patching.

Industrial ransomware is not just rising - it is increasingly taking operations offline, which for a factory or utility means real-world downtime.

Dragos specializes in operational technology - the systems that run factories, pipelines, and power grids. Its yearly report is the most-watched read on industrial threats, and the 2025 edition, covering 2024, describes attackers who now understand industrial operations and are willing to disrupt them. For Houston's energy and manufacturing base, that is not abstract.

The number that matters: of the ransomware incidents Dragos responded to, three in four caused at least a partial shutdown of operational technology.

The Headline Findings

More attacks, hitting harder, concentrated in North America.

Industrial ransomware rose 87% to 1,693 attacks, most causing operational shutdowns, with North America absorbing well over half.

DRAGOS 2025 OT/ICS BY THE NUMBERS +87% industrial ransomware 1,693 attacks on industry 75% caused an OT shutdown 58% hit North America
Headline findings from the Dragos 2025 OT/ICS report (2024 data).

Manufacturing was the single most-targeted sector, and the most active ransomware groups against industry were RansomHub, Fog, and LockBit3.0. Dragos also noted a worrying blend of hacktivism and ransomware, with politically motivated groups adding extortion to their playbook.

Who and What Is Attacking

New threat groups, new industrial malware, and vulnerabilities buried deep.

Dragos flagged two new OT threat groups and two new pieces of industrial malware - and most industrial vulnerabilities sit deep inside networks.

  • New threat groups. Dragos added GRAPHITE and BAUXITE to its tracking - BAUXITE overlaps with the pro-Iran CyberAv3ngers persona - bringing the total to 23 groups, 9 of them active in OT during 2024.
  • Purpose-built malware. Two new industrial malware families appeared, both tied to the Russia-Ukraine conflict: Fuxnet, which disrupted sensors in Moscow, and FrostyGoop, which altered controller readings and knocked out heating for over 600 apartment buildings in Ukraine during winter.
  • Vulnerabilities run deep. Around 70% of industrial vulnerabilities sit deep in the network, and Dragos tracks 104 DLL hijacking flaws in industrial software - the kind that let attackers gain access and persist.
  • Noisy advisories. Roughly 22% of vulnerability advisories contained incorrect data, making it harder for teams to prioritize the ones that matter.

The common thread: attackers increasingly understand industrial processes, not just IT - which is why generic security is not enough for OT.

How to Respond

Dragos points to five controls that do the most for OT.

The SANS ICS 5 Critical Controls give energy and manufacturing a focused, high-impact defense plan.

  • OT incident response plan. A plan built for industrial systems - not a copy of your IT plan - that assumes attackers reach deep into operations.
  • Defensible architecture. Annual attack-surface review, prioritizing the network gateways and remote-access points (VPN, RDP, SSH) attackers target first.
  • OT visibility and monitoring. Monitoring built for industrial protocols, to catch the subtle moves before they cause damage.
  • Secure remote access. Tight controls, logging, alerting, and MFA on vendor and remote access to OT.
  • Risk-based vulnerability management. Prioritize the flaws that could cause loss of view or loss of control, not just the highest scores.

Run OT or ICS in the Houston Area?

CinchOps assesses your industrial attack surface, segments IT from OT, and adds OT-aware monitoring - so an 87% surge does not become your downtime.

Talk to CinchOps
100% Free

Free Cybersecurity Assessment

Would industrial ransomware take your operations offline? Get a FREE review of your OT security and remote access.

Get Your Free Assessment

In IT, ransomware costs you data and time. In OT, it can stop a production line or a utility - which is why 75% of these incidents caused a shutdown. That is the difference energy and manufacturing owners have to internalize: the target is not just your files, it is your operations.
Shane Stevens, CEO, CinchOps - LinkedIn

Security Built for Industrial Operations

CinchOps helps Houston-area energy and manufacturing businesses secure OT and ICS - attack-surface assessment, IT/OT segmentation, OT monitoring, and secure remote access - as part of our cybersecurity and managed IT services.

Explore CinchOps cybersecurity →

How CinchOps Helps Secure Your Business

CinchOps is a Katy, Texas managed IT services provider serving businesses across the Houston metro, aligning industrial defense with the Dragos report's recommendations.

  • OT security assessments. Finding exposed assets, vulnerable systems, and attack paths into your operations.
  • IT/OT segmentation. Network design that stops lateral movement and contains an intrusion.
  • OT-aware monitoring. Visibility into industrial protocols to catch anomalous behavior.
  • Secure remote access. Logged, alerted, MFA-protected access for vendors and staff.
  • OT incident response planning. Tested plans built for industrial recovery, not just IT.

Do not wait for a shutdown to build your OT defenses. Contact CinchOps to protect your industrial systems.

Frequently Asked Questions

What is the Dragos 2025 OT/ICS report?

It is Dragos's 8th annual OT/ICS Cybersecurity Year in Review, covering 2024. Dragos is an industrial-cybersecurity firm, and the report is widely regarded as the most detailed look at threats to operational technology and industrial control systems.

How much did industrial ransomware rise?

Ransomware against industrial organizations rose more than 87% year over year, with 1,693 attacks recorded. North America absorbed 58% of them, and manufacturing was the single most-targeted sector.

Why is OT ransomware more serious than IT ransomware?

Because it can stop physical operations. Of the ransomware incidents Dragos responded to, 75% caused at least a partial shutdown of operational technology and 25% a full shutdown - meaning halted production or disrupted services, not just lost files.

What are the new threats the report flagged?

Two new OT threat groups, GRAPHITE and BAUXITE (BAUXITE linked to the pro-Iran CyberAv3ngers), and two new industrial malware families, Fuxnet and FrostyGoop, both connected to the Russia-Ukraine conflict. FrostyGoop knocked out heating for over 600 apartment buildings in Ukraine.

How should industrial businesses respond?

Dragos recommends the SANS ICS 5 Critical Controls: an OT-specific incident response plan, defensible architecture, OT visibility and monitoring, secure remote access with MFA, and risk-based vulnerability management focused on loss of view or control.

Discover More

Sources

Take Your IT to the Next Level!

Book A Consultation for a Free Managed IT Quote

281-269-6506