Manufacturing Is the Most Targeted Sector in Ransomware. By a Wide Margin.

Executive summary: In 2025 ransomware activity against manufacturing surged—global incidents rose 32% to 7,419 and manufacturing victims increased 61%—with Qilin, Akira, and Play identified as the most active groups; the report highlights a shift toward data extortion, frequent IT-to-OT cascades that halted production (e.g., Asahi, Nucor, Masimo), and persistent exploitation of unpatched systems and credential abuse that disproportionately impacts SMB manufacturers.