Dragos Industrial Ransomware Analysis: Q1 2025
ID: 87b9e852-d78a-59cd-adeb-58bca188c9b4
STIX ID: report--87b9e852-d78a-59cd-adeb-58bca188c9b4
Feed Name: Dragos Blog
Q1 2025 Dragos ransomware landscape: Dragos observed 708 ransomware incidents impacting industrial sectors worldwide. Activity was driven by a surge in exploit-driven campaigns (notably Cl0p exploiting Cleo MFT), the emergence of new groups (FunkSec, Lynx, DragonForce), and advanced TTPs including AI-enhanced phishing, encryption-less extortion, credential theft, EDR evasion, and active exploitation of zero-day and file-transfer vulnerabilities (CLFS, Cleo, CrushFTP). The result was substantial operational and supply-chain impacts to manufacturing, transportation, and critical infrastructure.
