Dragos Industrial Ransomware Analysis: Q2 2025
ID: 746be342-0021-54f9-8907-1cee56c8cedb
STIX ID: report--746be342-0021-54f9-8907-1cee56c8cedb
Feed Name: Dragos Blog
Dragos’ Q2 2025 ransomware overview documents 657 incidents against industrial organizations. It describes a shifting ecosystem in which emerging groups (notably Qilin) and rebranded actors exploited critical vulnerabilities (FortiGate, SimpleHelp, SAP) and adopted advanced TTPs (double extortion, wiper modes, and ESXi-targeted lockers), while social-engineering and initial access broker (IAB) activity increased. The report underscores significant operational impacts to manufacturing and critical infrastructure, law enforcement disruptions, and a heightened risk posture driven by state-aligned operations and continued exploitation of exposed systems.
