Date: 2025-06-05

SecurityWeek reports that between October 2024 and March 2025 the industrial sector was primarily infected with the Win32.Worm.Ramnit, Trojan.scar/shyape, Trojan.lokibot/stealer, and Win32.Worm.Sohanad malware.
The most dominant of the malicious strains was the Ramnit banking trojan, whose infections rose by 3,000% between the second and final quarters of 2024, according to an analysis from Honeywell. Honeywell OT Cybersecurity Engineering Director Paul Smith regarded this meteoric rise in Ramnit compromises of industrial ecosystems, which followed an absence of infections during the first quarter of 2024, as indicative of the malware's repurposing to target industrial control system credentials. "With the current trend and Ramnit being the leader for the last three quarters, one has to wonder if this is a directed attack or simply an efficient credential extraction tool that is easily distributed," said Smith, who wrote the report.