Dragos Industrial Ransomware Analysis for the Fourth Quarter of 2025
ID: 0f563cf5-ddfc-5bd3-8cbb-8a54231b2d24
STIX ID: report--0f563cf5-ddfc-5bd3-8cbb-8a54231b2d24
Feed Name: Dragos Blog
Q4 2025 saw a material rise in ransomware and data-extortion activity against industrial organizations, with Dragos identifying 1,211 incidents concentrated among mature RaaS operations (Qilin, Akira, CL0P, Everest). Adversaries focused on enterprise IT systems that support OT (ERP, file-sharing, VPNs, identity services), leveraging compromised credentials, exposed remote access, and IAB-provided access to rapidly exfiltrate data and apply extortion pressure; impact was global and heavily skewed toward manufacturing and other low-tolerance-for-downtime sectors.
