Dive Brief:
- Ransomware attacks surged 46% across energy, manufacturing and other industrial sectors from Q4 2024 to Q1 2025, according to a recent report from Honeywell, which identifies cybersecurity threats that try to breach its customer’ systems.
- Honeywell reported 2,472 ransomware victims in Q1, representing 40% of the annual total from 2024. The company also noted a 3000% spike in activity over the previous period from a banking sector trojan, W32.Worm.Ramnit, designed to steal credentials from industrial operators.
- During the reporting period, Honeywell identified 1,929 publicly documented ransomware attacks. Of that total, 71% occurred in eight verticals, with manufacturing, construction, healthcare and technology companies seeing the most impact.
Dive Insight:
Ransomware attacks, a cybercrime that often involves a ransom payment from victims to restore their encrypted data, tend to be evenly distributed across different industries. However, Honeywell noted that attacks on agriculture and food production companies are exponentially growing.
“Industrial operations across critical sectors like energy and manufacturing must avoid unplanned downtime as much as possible — which is precisely why they are such attractive ransomware targets,” Paul Smith, director of Honeywell Operational Technology Cybersecurity Engineering, said in a statement.
“These attackers are evolving fast, leveraging ransomware-as-a-service kits to compromise the industrial operations that keep our economy moving,” added Smith, who authored Honeywell’s report.
Fortune 500 companies are collectively losing an estimated $1.5 trillion each year to unplanned downtime from cybersecurity attacks, equipment failure and other issues, according to a 2022 Siemens report. In other words, they are losing 11% of their annual revenues, up from 8% in 2020.
Of the 1,929 publicly documented ransomware attacks identified by Honeywell, most occurred in manufacturing or construction, with each sector accounting for 21% of the attacks. Healthcare accounted for 17%, while energy and agriculture and food production sectors each accounted for less than 8% of the attacks.
The Food and Agriculture-Information Sharing and Analysis Center, which monitors cyber threats and offers activity analysis for the food and agriculture sector, saw attacks more than double from 40 in Q1 2024 to 84 a year later. The ransomware contributing most to the increase is CL0P, which is operated by Russian-speaking cybercriminal group TA505.
“While the sector continues to experience ransomware attacks, much of the targeting still appears to be opportunistic,” the Food and Ag-ISAC wrote in a recent blog. “Many of the groups targeting the sector have targeted other sectors at an equal or greater rate, and there are no specific patterns seen in the victimology.”
