Ransomware Attacks Surge in Q2 2025 Driven by Hacktivism Trends

Ransomware attacks targeting industrial entities saw a slight decline in the second quarter of 2025, which, while a positive development, still raises concerns due to the overall high number of incidents. Operational technology security firm Dragos reported tracking 657 ransomware incidents in the April to June period, a decrease from 708 in the previous quarter. Despite the overall drop, three regions experienced an uptick in attacks, with Europe leading the increase, rising from 135 incidents in the first quarter to 173 in the second. The Middle East also saw a rise, with incidents increasing from 11 to 17, while Africa recorded a modest increase from three to five incidents.

The manufacturing sector remained the most targeted, accounting for 65 per cent of all ransomware incidents. In contrast, attacks on the electricity sector significantly decreased, with only three incidents reported in the second quarter compared to 15 in the first. The ongoing Israel-Iran conflict has prompted hacktivist groups to deploy ransomware against targets in the United States and Israel, while Iranian ransomware groups have incentivised affiliates with higher payouts to target the regime’s adversaries. Additionally, significant law enforcement efforts, such as Operation Endgame 2.0, have led to the dismantling of critical ransomware infrastructure by a coalition of European agencies. 

Categories: Ransomware Incidents, Regional Trends, Sector Vulnerabilities 

Tags: Ransomware, Attacks, Entities, Security, Incidents, Manufacturing, Sector, Europe, Infrastructure, Law Enforcement