Manufacturing Sector Bears Brunt of Ransomware Surge, New Cybersecurity Report Reveals

Ransomware Attacks Reach Record Levels

Global ransomware activity surged to unprecedented levels during the third quarter of 2025, with manufacturing companies absorbing the heaviest impact, according to recent cybersecurity analysis. BlackFog’s State of Ransomware report covering July through September reveals that publicly disclosed attacks increased by 36% compared to the same period last year, representing a staggering 335% rise since Q3 2020.

Ransomware Attacks Reach Record Levels
Manufacturing Sector Targeted Disproportionately
Quarterly Attack Patterns and Emerging Threats
Data Theft Becomes Standard Practice
Long-Term Trends and Industry Implications

Manufacturing Sector Targeted Disproportionately

The manufacturing industry emerged as the most frequently targeted sector, accounting for 22% of all ransomware incidents, the report indicates. This targeting comes despite the fact that nearly 85% of ransomware attacks went unreported during the quarter, representing a 21% increase in unreported incidents compared to the same period last year.

Analysts suggest that manufacturing companies’ complex supply chains and operational technology systems make them particularly vulnerable to disruption. “From grounded aircraft and stranded passengers to manufacturers forced to halt production, the disruption has been significant,” Dr. Darren Williams, Founder and CEO of BlackFog, stated in the report. He noted that operations at Jaguar Land Rover only recently resumed following an August incident, while numerous smaller suppliers continue dealing with the aftermath.

Quarterly Attack Patterns and Emerging Threats

When examining monthly totals, sources indicate the quarter began with a dramatic 50% spike in July attacks, followed by a 37% increase in August and a 27% uptick in September. The ransomware gang Qilin maintained its position as the most active group, similar to the previous quarter’s findings., according to further reading

However, approximately 40% of reported attacks have not been attributed to any known ransomware group, according to the analysis. The quarter also saw the emergence of 18 new ransomware groups, with newcomer DEVMAN making a significant impact through several high-profile incidents targeting large organizations.

Data Theft Becomes Standard Practice

Data exfiltration has become the dominant tactic for ransomware attackers, with 96% of all disclosed cases involving data theft—the highest level recorded to date. This shift toward comprehensive data theft provides cybercriminals with additional leverage for extortion beyond simply encrypting systems.

As ransomware volumes show a continued upward trend, cybersecurity experts recommend that organizations focus on making themselves harder targets. “The best option for organizations is to make it as hard as possible for cybercriminals to take advantage of them,” Williams advised. “That means protecting data so that they have no leverage for extortion and, critically, no incentive to return.”

Long-Term Trends and Industry Implications

The report’s findings underscore a five-year pattern of escalating ransomware threats across all sectors, with the manufacturing industry now facing particularly intense pressure. The combination of increased attack frequency, more sophisticated tactics, and higher rates of data theft suggests organizations must prioritize comprehensive cybersecurity strategies that address both prevention and response capabilities.

BlackFog’s complete State of Ransomware report for July-September 2025 provides additional details on sector-specific trends, geographical distribution of attacks, and recommended defensive measures for organizations seeking to bolster their cybersecurity posture.