Ransomware Groups Targeting Industrial Systems Surge 49% in 2025

Ransomware attacks on industrial firms surge in 2025, exploiting VPNs and stolen credentials, warns Dragos. Manufacturing hit hardest.

By Content Team

Feb 18, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals are increasingly targeting industrial organizations, with 119 ransomware groups tracked in 2025 compared to 80 in 2024, according to Dragos researchers. Over 3,300 industrial organizations worldwide were hit by ransomware attacks, nearly double the 1,693 affected in 2024.

Manufacturing led as the most targeted sector, followed by transportation, oil and gas, electricity, and communications. Attackers primarily exploited remote-access portals like VPNs using stolen credentials obtained through phishing, malware, or dark web purchases.

The average "dwell time" before ransomware deployment was 42 days, allowing criminals to move quietly between IT and operational technology systems. One group used compromised VPN access to target SCADA virtual machines, causing operational delays despite not directly touching industrial equipment.

Dragos CEO Robert M. Lee warns that without comprehensive monitoring, future technologies like AI and distributed energy will create even greater security blind spots.

Source: Infosecurity Magazine

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

What to Do When You Get a Data Breach Notice

Mar 4, 2026

Ivanti Zero-Days Hit European Governments in Fresh Attack Wave

Feb 13, 2026

Hackers Using Windows Screensavers to Bypass Security and Install Malware

Feb 5, 2026

French Soccer Federation Suffers Data Breach Affecting Member Information

Nov 29, 2025