Ransomware attacks escalated significantly in 2025, with more than 4,700 recorded cases worldwide between January and September, representing a sharp increase compared to the same period in 2024. Almost half of these attacks targeted critical infrastructure sectors, including manufacturing, healthcare, and energy, which have become high-value targets due to their operational dependence on connected systems and limited ability to tolerate downtime. The manufacturing sector alone experienced a 61 percent rise in incidents, with threat actors exploiting outdated systems, weak segmentation, and limited visibility in industrial networks. Healthcare providers and energy companies were also heavily impacted, often through third-party service providers, leading to data theft, operational disruptions, and prolonged recovery times.

The United States remained the most targeted country, accounting for roughly one-fifth of all global ransomware activity, followed by Europe and parts of Asia. A small cluster of highly organized ransomware groups was responsible for a disproportionately large share of these incidents, indicating consolidation within the cyber-extortion ecosystem. Attackers increasingly combined encryption with data theft and public extortion tactics to pressure victims into payment. The growing focus on critical sectors has transformed ransomware from a criminal enterprise into a geopolitical and national security issue, emphasizing the urgent need for stronger supply chain security, network segmentation, and coordinated response strategies to protect essential services and infrastructure.

‍

Source: https://industrialcyber.co/reports/half-of-2025-ransomware-attacks-hit-critical-sectors-as-manufacturing-healthcare-and-energy-top-global-targets/