Global ransomware attacks against critical industries surged by 34% in 2025, according to new research from KELA. The U.S. emerged as the top target, accounting for 21% of global incidents. Nearly half (50%) of these ransomware attacks affected sectors vital to national resilience, including manufacturing, healthcare, energy, transportation, and finance. These trends underscore why ransomware remains a significant threat to national security.
In its report titled ‘Escalating Ransomware Threats to National Security,’ KELA disclosed that 4,701 ransomware incidents were recorded globally between January and September 2025, up from 3,219 during the same period in 2024. Of these, 2,332 attacks, or 50%, targeted critical infrastructure sectors, marking a 34% year-over-year increase in attacks on essential industries. In 2025, half of all ransomware attacks struck critical sectors, ranging from manufacturing and healthcare to finance and transportation, demonstrating how adversaries exploit weaknesses in infrastructure to destabilize societies.
KELA reported that ransomware has evolved from a nuisance affecting individual organizations to a systemic threat to national resilience. A year-over-year comparison highlights the growing scale of attacks targeting critical sectors. Between January 1 and September 1, 2024, a total of 3,219 ransomware incidents were recorded, with 1,745, or 54 percent, affecting critical sectors. During the same period in 2025, the number of ransomware incidents rose to 4,701, with 2,332, or 50 percent, targeting critical sectors such as manufacturing, healthcare, energy, transportation, and financial services.
The manufacturing sector experienced the sharpest growth, with attacks surging 61% compared with the previous year. High-profile incidents included Jaguar Land Rover’s global shutdown and Bridgestone’s production disruptions, illustrating how ransomware can paralyze supply chains and economies. Together, these high-profile breaches underscore how ransomware actors increasingly view manufacturing not just as a means to ransom data, but as a path to critical leverage, knowing that even a short shutdown can ripple through entire industries and economies.
The U.S. remains the epicenter of ransomware activity targeting critical infrastructure, accounting for roughly 1,000 incidents, about 21% of global attacks in 2025, followed by Canada, Germany, the U.K., and Italy. This concentration underscores ransomware’s dual motive to maximize ransom profits in wealthier, digitally mature markets, while testing the resilience of industries central to U.S. national security and global supply chains.
Among 103 active ransomware groups, just five, including Qilin, Clop, Akira, Play, and SafePay, were responsible for nearly 25% of all incidents, highlighting the growing professionalization and consolidation within cybercriminal ecosystems.
“Ransomware operations should be understood not solely as financially motivated attacks but also as tactical instruments, capable of disrupting victim operations while inflicting financial and reputational damage. In critical industries, such disruptions can have national-level consequences, undermining essential operations and eroding public trust,” Lin Levi, threat intelligence team lead, wrote in a Tuesday statement. “To protect critical services, governments and critical industry sectors must prioritize proactive preventative measures and maintain continuous real-time monitoring to detect and respond to cyber threats.”
The implications for national security are profound, impacting multiple facets of society. Attacks targeting manufacturing and financial services have the potential to cripple production lines, disrupt trade, and undermine overall market confidence, ultimately threatening economic stability. In addition, healthcare systems, already under significant strain, face direct risks to patient care, while disruptions to transportation can trigger cascading failures across broader infrastructure, jeopardizing public health and safety.
Moreover, repeated and successful ransomware attacks also erode public trust in both government institutions and the private sector’s ability to defend and protect critical infrastructure, increasing strategic risk.
“While the overall percentage of threats targeting the critical sector is just slightly lower, the overall number still shows a 34% increase in ransomware events against critical industries in just one year,” KELA reported. “Manufacturing, healthcare, and technology stand out as the most targeted industries, with manufacturing seeing the steepest growth in 2025. Ransomware attacks against the manufacturing sector surged from 520 incidents to 838, marking a 61% increase. This spike underscores how increasingly digitized and interconnected manufacturing systems have become prime targets.”
KELA identified that national security in the digital era depends on cyber resilience, the ability of governments, industries, and societies to anticipate, withstand, and recover from escalating cyber threats. Citizens must have confidence that essential services, including energy, healthcare, finance, defense, and even electoral systems, remain reliable and secure amid relentless digital assaults.
To confront the growing ransomware crisis, cyber resilience must become a core pillar of national security strategy. This requires public–private intelligence sharing to detect and disrupt ransomware campaigns earlier, the establishment of sector-specific resilience standards to ensure continuity of operations in healthcare, energy, and transportation, investment in incident response and recovery capabilities to mitigate impact and reduce downtime, and international cooperation to dismantle the cross-border infrastructure that enables these attacks.
With 50% of ransomware attacks in 2025 targeting critical infrastructure, the message is clear that cyber resilience is now a matter of national defense. Governments, industries, and global partners must strengthen defenses together to ensure ransomware cannot continue to threaten the safety, stability, and security of modern society.
