Ransomware incidents affecting industrial organizations reached significant levels in the third quarter of 2025, with a reported 742 total cases worldwide, marking a continued upward trend compared to earlier quarters. Manufacturing stood out as the most heavily targeted sector, accounting for approximately 72 percent of all observed industrial ransomware activity, driven largely by attacks on subsectors such as construction, equipment manufacturing, and food and beverage producers. North America remained the most impacted region, followed by Europe and then Asia, where increases were observed in several countries. The persistence of ransomware in industrial ecosystems reflects attackers’ focus on environments where disruptions to production and supply chains can cause substantial operational and financial consequences.

The ransomware landscape within industrial contexts is shaped by a mix of established ransomware-as-a-service (RaaS) operations, a proliferation of lower-discipline threat actors, and emerging identity-centric extortion groups that exploit both IT systems supporting OT workflows and traditional operational technology targets. These dynamics indicate that adversaries are not only encrypting data but also leveraging broader enterprise footholds to exert pressure on victims, particularly where downtime or data compromise can have cascading effects on critical operations. As a result, organizations face a complex mix of technical and process-oriented challenges in defending against ransomware, underscoring the need for robust visibility, proactive mitigation, and incident response preparedness.

‍

Source: https://industrialcyber.co/threats-attacks/ransomware-surge-intensifies-across-industrial-sectors-with-manufacturing-accounting-for-72-of-q3-cases/