Dive Brief:
Dive Insight:
There were nearly 750 ransomware incidents in the IT sector in 2025, more than double the 300 incidents that the sector experienced in 2024, according to the IT-ISAC. The group blamed “a strategic pivot toward the IT sector” by ransomware gangs exploiting supply-chain vulnerabilities.
“While defensive capabilities may have improved, attackers countered with record-breaking speed, weaponizing critical zero-day vulnerabilities in platforms within hours of disclosure,” the IT-ISAC said in its report. Living-off-the-land behavior and improved social-engineering tactics also helped hackers evade defenses.
The IT sector accounted for nearly 12% of all 6,351 ransomware attacks that the IT-ISAC observed in 2025 using its own data and an analysis of public sources. After manufacturing, commercial facilities and IT, healthcare, financial services and legal organizations rounded out the top six most-targeted industries.
Among threat actors, the Qilin and Cl0p ransomware gangs displaced RansomHub and Akira as the two most active groups. Qilin, a ransomware-as-a-service enterprise, has begun using a Rust-based encryption tool that allows it to efficiently target multiple operating systems, according to the IT-ISAC, while Cl0p “remains a top-tier threat” because of its focus on high-volume exploitation of zero-day vulnerabilities.
In the food and agriculture sector, which experienced 265 ransomware attacks in 2025, Qilin and Akira were responsible for the most intrusions (37 and 36, respectively). They and three other groups accounted for nearly half of all attacks on the sector in 2025. The food ISAC said the groups were most likely “looking for victims of opportunity, rather than targeting the sector specifically.”
Cl0p, however, appears to be an exception to that. It targeted food and agriculture organizations in more than 9% of its attacks in 2025, well above the roughly 4% average among all threat actors.
