Ransomware isn’t slowing down – it’s accelerating.
The IT-ISAC’s newly released 2025 Annual Ransomware Report shows a sharp increase in attacks across critical infrastructure sectors, with the IT sector seeing some of the most dramatic growth. In 2025, IT-ISAC tracked 6,351 total ransomware attacks, including 746 incidents targeting the IT sector – up significantly from 300 IT-sector incidents in 2024 .
Threat actors are increasingly focused on “one-to-many” supply chain attacks, compromising a single platform to impact downstream customers. Qilin emerged as the most active ransomware group in the IT sector, alongside CL0P, Akira, Play, and INC Ransom.
The report also highlights rapid exploitation of newly disclosed vulnerabilities and a continued shift toward encryptionless extortion and cloud-focused attacks.
Looking ahead to 2026, IT-ISAC warns that supply chain targeting, SaaS exploitation, and zero-day weaponization will remain central to the threat landscape.
The full ransomware report is available to download here.
Note: The free report requires you to submit contact details (name & email) to access.
(AI was used in part to facilitate this article.)
