Unexpected increase in ransomware attacks targeting oil and gas companies
The oil and gas industry faced a significant surge in ransomware attacks between April 2024 and April 2025, according to a new report by cybersecurity firm Zscaler. The report indicates a 935% increase in such attacks during this period, with RansomHub, Akira, and Clop emerging as the most active ransomware groups targeting the industry.
RansomHub led the pack with 833 publicly named victims, followed by Akira with 520 and Clop with 488 victims. The surge in attacks is attributed to the increasing automation and digitization of industrial control systems in the sector, which expands the attack surface for cybercriminals.
Manufacturing, Information Technology, and Healthcare remain the most targeted sectors overall, but the oil and gas industry saw the fastest growth in attacks. The United States accounted for half of all ransomware attacks globally, with U.S. targets experiencing over 3,600 incidents between April 2024 and April 2025, more than doubling from previous years.
The report highlights a shift by ransomware actors from traditional encryption-only attacks to data extortion. The volume of data stolen by ransomware actors increased by 92% between April 2024 and April 2025, reaching 238 terabytes. This shift increases pressure on victims, who often face the threat of having their stolen data released publicly if they do not pay the ransom.
Attack campaigns are more targeted and efficient, boosted by the use of generative AI for crafting phishing and malware. Ransomware groups like Clop have found success targeting widely used but vulnerable third-party software to conduct supply-chain attacks.
Public cases of extortion increased by 70% year over year, according to the report. The report also identifies 34 new ransomware groups that emerged during the survey period, bringing the total number tracked by the company to 425.
Corporate stakeholders are seeking to better understand the risk calculus of their technology stacks, with a particular focus on whether they are a potential target for ransomware attacks. The report provides insights into the ransomware ecosystem, including the most active groups and dominant strategies.
The increase in ransomware attacks on the oil and gas industry may be due to the sector's increasing automation and digitization, expanding its attack surface. Technologies pervasive across enterprises, such as internet-facing applications, can be discovered through basic scanning techniques, making them potential targets for cybercriminals.
The report from Zscaler serves as a reminder for corporations to prioritize cybersecurity measures to protect against these increasingly sophisticated attacks. By understanding the risk landscape and implementing robust security measures, corporations can better safeguard their operations from the threat of ransomware.
Read also:
- Tesla is reportedly staying away from the solid-state battery trend, as suggested by indications from CATL and Panasonic.
- California links 100,000 home storage batteries through its Virtual Power Plant program.
- Financial regulatory body examines potential instability of Decentralized Finance (DeFi) and cryptocurrencies as they approach a significant growth milestone, known as "critical mass".
- Online Advertising Consent Framework Faced with Significant Ramifications According to Belgian Data Protection Authority's Decision
