Manufacturing Continues to be Hit the Hardest

Report shows more than 20% of all ransomware attacks targeted a manufacturer.

Ransomware
October 22, 2025

BlackFog recently shared findings from its analysis of global ransomware activity from July to September 2025. The findings show that publicly disclosed attacks continued to set new records, with a 36% increase compared to the same quarter last year. These numbers also represents a 335% increase since Q3 2020, underscoring the continued rise in ransomware attacks over the last five years. 

Furthermore, when monthly totals were compared to previous years, BlackFog found:

  • A 50% spike in July.
  • A 37% increase in August.
  • And a 27% uptick in September.

Similar to the second quarter report, the ransomware gang Qilin was the most active, although it's worth noting that approximately 40% of reported attacks have not been attributed to any known ransomware group yet. The quarter also saw the emergence of 18 new ransomware groups, several linked to high-profile incidents targeting large organizations. Among these, the newcomer DEVMAN made a significant impact.

When looking at attacks that are not disclosed publicly, the manufacturing sector was hit hardest, accounting for 22% of all incidents. In Q3 nearly 85% of all ransomware attacks went unreported, representing a 21% increase over the same period last year. 

Data theft remains the dominant tactic used by attackers, with 96% of all disclosed cases involving data exfiltration, marking the highest level recorded to date. 

Commenting on the findings, Dr. Darren Williams, Founder and CEO of BlackFog, said: “From grounded aircraft and stranded passengers to manufacturers forced to halt production, the disruption has been significant. Operations at Jaguar Land Rover, for instance, only recently resumed following the August incident, while numerous smaller suppliers are still counting the cost.

"As ransomware volumes show a continued upward trend, the best option for organizations is to make it as hard as possible for cybercriminals to take advantage of them. That means protecting data so that they have no leverage for extortion and, critically, no incentive to return.” 

BlackFog’s State of Ransomware report for July–September 2025 can be accessed here.

Related Stories
Phishing Tadamichi
Cybersecurity
Inside the Growth of Insider Threats
Encryption
Cybersecurity
Next-Gen Data Protection Strategies
People Cyber Metamorworks
Cybersecurity
Strength Under Fire
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
The Usual Suspects
More in Cybersecurity
Cybersecurity
Automotive Ransomware Attacks More Than Doubled in 2025
More AI, expanded autonomous technologies and evolving threat actors are elevating cyber risks.
Automobile Cockpit, Various Information Monitors And Head Up Displays
Cybersecurity
SBOM Regs Rolled Back
The two Biden-era memoranda required agencies to obtain software security attestations before deployment.
Us Binary Flag Mirsad Sarajlic
Cybersecurity
Threats Targeting Employee Credentials Surge 389 Percent
Credentials are being stolen in as little as 14 minutes.
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Shadow AI Threats Grow
Productivity pressures are pushing many to bypass safeguards, increasing exposure to data leaks.
Insider Threat Leo Wolfert
Cybersecurity
Report Shows AI-Enabled Threats As Top Concern
AI could help hackers take greater advantage of visibility shortcomings.
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
The Domino Effect of a Data Breach
Here are some strategies to detect breaches faster and limit their capacity for damage.
Coding
Cybersecurity
AI Won’t Replace the Cybersecurity Workforce, But It Will Redefine It
AI is framed as a multi-faceted solution, but the conversation often goes off course.
Ai Your Photo
Cybersecurity
Security Breach: Strengthening Your Weakest Links
All the little things can kill a cybersecurity strategy, but there are ways to tie them all together.
Ep157
Cybersecurity
The Rise of Identity and Data Security Dependency
Predictions on what will shape industrial cybersecurity in 2026 and beyond.
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Securing the Edge in AI-Enabled Smart Factories
Growing data needs have manufacturers between a rock and a hard place.
Sase Supatman
Cybersecurity
How AI Is Transforming Cybersecurity Threats in 2026
Social engineering, deep fakes and more will benefit from the evolution of artificial intelligence.
Deepfake Orhan Turan
Cybersecurity
Inside The Mind of a Hacker
The report details how hackers are moving to a more collaborative, AI-enhanced approach.
General Cyberattack
Page 1 of 55
Next Page