Global Ransomware Attacks Against Critical Industries Surge 34% in 2025

U.S. Emerges as Top Target, Accounting for 21% of Global Incidents

TEL AVIV, Israel, Oct. 21, 2025 /PRNewswire/ -- KELA, a global leader in cyber threat and exposure intelligence solutions, today released a new report, Escalating Ransomware Threats to National Security, revealing a 34% year-over-year increase in ransomware attacks targeting critical industries between January and September 2025. Nearly half (50%) of all global ransomware incidents struck sectors essential to national resilience — including manufacturing, healthcare, energy, transportation, and finance — underscoring why ransomware is a threat to national security.

"Ransomware operations should be understood not solely as financially motivated attacks but also as tactical instruments, capable of disrupting victim operations while inflicting financial and reputational damage. In critical industries, such disruptions can have national-level consequences, undermining essential operations and eroding public trust," said Lin Levi, Threat Intelligence Team Lead. "To protect critical services, governments and critical industry sectors must prioritize proactive preventative measures and maintain continuous real-time monitoring to detect and respond to cyber threats."

Key Findings from KELA's Report:

• 4,701 total ransomware incidents were recorded globally between January and September 2025 — up from 3,219 during the same period in 2024.
• 2,332 attacks (50%) targeted critical infrastructure sectors, representing a 34% year-over-year increase in ransomware attacks targeting critical industries.
• Manufacturing saw the sharpest growth, with attacks surging 61% year-over-year.
• The United States was hit hardest, experiencing roughly 1,000 attacks, or 21% of all global ransomware activity, followed by Canada, Germany, the U.K., and Italy.
• Out of 103 active ransomware groups, just five — Qilin, Clop, Akira, Play, and SafePay — accounted for nearly 25% of all incidents, reflecting the growing professionalization and consolidation of cybercriminal ecosystems.

The report, Escalating Ransomware Threats to National Security: A Rising Scale of Attacks on Critical Infrastructure Sectors, leverages KELA's platform data and examines the scope of ransomware activity, identifies the most targeted industries and geographies, and profiles the threat actors driving the surge. To download the full report, please visit KELA's website. 

About KELA Cyber

KELA is a leading cyber threat intelligence (CTI) and external attack surface management (EASM) provider, empowering organizations to stop threats before they materialize. With a decade of intelligence powering its data lake, KELA's platform delivers real-time, actionable insights for end-to-end threat exposure reduction. Trusted by global enterprises and government agencies, KELA helps security teams proactively detect, prioritize, and mitigate cyber threats with unmatched precision and speed. Learn more at www.kelacyber.com.

Media Contact:
Nicole Canulla
617-645-6160
403128@email4pr.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/global-ransomware-attacks-against-critical-industries-surge-34-in-2025-302589217.html

SOURCE KELA Cyber