There was an increase in ransomware incidents affecting industrial entities worldwide in Q3 2025, with 742 such cases identified by cyber specialist Dragos. This is an increase from the 708 incidents documented in Q1 and the 657 incidents documented in Q2 2025.

North America was the most targeted region in Q3, followed by Europe, which experienced a slight decrease in incidents overall. Asia was the third most impacted region, with an increase in incidents in Q3, with Thailand accounting for the majority.

Manufacturing remained the most impacted sector, accounting for 72% of incidents recorded in Q3. The top manufacturing subsector impacted by ransomware was construction, accounting for 142 of the 532 manufacturing incidents in Q3. The global electric/renewables sector saw an increase from 3 incidents in Q2 to 16 in Q3. Similarly, government organisations saw a rise from 4 incidents in Q2 to 35 in Q3.

Abdul Alamri, senior intel analyst at Dragos, said: “Ransomware activity targeting industrial organisations is expected to intensify as adversaries increasingly focus on the IT systems that underpin OT operations. ERP platforms, MES servers, virtualization environments, and remote access infrastructure will continue to serve as high-value targets because disruption at this layer can rapidly translate into delays, shutdowns, and supply-chain impact without requiring access to ICS networks. This trend will remain central to the threat landscape through 2025 as attackers seek the greatest operational leverage with the least technical overhead.”

He added that AI is also expected to play a growing role in the evolution of ransomware operations: “AI-assisted phishing, automated reconnaissance, and evasion techniques will reduce dwell times and enable even low-skilled operators to achieve intrusion outcomes previously associated with more sophisticated adversaries. As these capabilities become more accessible, the operational tempo and impact of ransomware campaigns will continue to rise.”

---