Ransomware assaults are being driven by handheld methods, according to CrowdStrike's assertions.
In the digital landscape of 2024 and 2025, ransomware attacks have surged, marking a significant escalation in cybercrime. According to various reports, this year is set to be "the highest-grossing year yet for ransomware payments."
The technology sector, for the seventh consecutive year, was the most frequently targeted industry. This trend is particularly evident in the increase of interactive intrusions, which grew by 55% in the last year, according to CrowdStrike's threat hunting report.
One of the key drivers behind this surge is the targeting of large businesses. Much of the increase in ransom payments is due to attacks against technology firms and their customers, which often cascade downstream, amplifying the potential impact of cyberattacks.
In 2023, a total of $1.1 billion in ransom payments were tracked. This figure rose in the first half of 2024, with victim organizations paying a collective $460 million in extortion demands to ransomware groups. The trend continued into 2025, with ransomware payments up 2% from the first half of last year.
The largest ransom payment ever recorded was made in 2024, amounting to $75 million. Between May 2022 and June 2023, ransomware victims in the U.S. paid $1.5 billion in ransoms. The median ransom payment to threat groups using the most damaging ransomware variants jumped from under $200,000 in early 2023 to $1.5 million in mid-June.
Government agencies have seen a 65% increase in ransomware attacks in the first half of 2025 compared to the same period in 2024. This surge makes governments the dominant target sector, outpacing healthcare and education, which have experienced much smaller increases or declines. Despite bans on ransom payments by some governments, attackers continue exploiting these targets due to the high-profile nature and data sensitivity of public sector institutions.
The oil and gas sector has also been a major target, experiencing a dramatic 935% surge in ransomware attacks between April 2024 and April 2025. This is linked to increased automation and digitization of their industrial control systems, broadening their vulnerability surface.
Other heavily targeted industries include manufacturing, information technology, professional goods and services, healthcare, and education. These industries often hold sensitive data or are critical to operational continuity, making them lucrative for ransomware actors.
Geographically, the United States remains the primary target for ransomware, with over 235 victims recorded in June 2025 alone.
In summary, the trend over the last year highlights a notable escalation in ransomware attacks, driven by increasing digital attack surfaces, strategic targeting of sectors crucial to national infrastructure and economy, and ransomware actors’ adaptation toward data theft and public notoriety. Governments and energy sectors are particularly affected, with manufacturing and healthcare also facing significant threat activity.
[References] [1] Mandiant, 2025. "Mandiant M-Trends 2025: A Year in Review." Mandiant. [2] Chainalysis, 2025. "Financially-Motivated Criminal Activity in Cryptocurrency Exchanges." Chainalysis. [3] CrowdStrike, 2025. "2025 Global Threat Report." CrowdStrike. [4] McAfee, 2025. "McAfee Labs Threats Report: April 2024 – June 2025." McAfee.
- In the realm of cybersecurity, threat intelligence reports have noted a significant correlation between the surge in ransomware attacks and the increasing digitization of industries like finance, technology, and oil and gas.
- The escalation in ransomware attacks has been particularly prevalent in critical sectors such as the government, oil and gas, and healthcare, with ransomware payments in these areas increasingly high, often being in the millions of dollars.
- As a result, the finance and technology sectors, which have been the most frequently targeted industries for seven consecutive years, are now bolstering their cybersecurity measures to counteract the rising threat of ransomware, understanding the potential financial and reputational damage that can arise from these attacks.
