Manufacturing remained ransomware operators’ most-targeted sector heading into 2026, based on evaluation by menace researchers at cybersecurity providers supplier NordStellar. Different high targets by trade embody IT corporations, skilled providers suppliers and building corporations.
Be aware, nevertheless, that — as for-profit companies — ransomware gangs always adapt to shifting market situations, victimizing any organizations they see as each comparatively weak and prone to pay. With that caveat in thoughts, what follows are the ten industries that ransomware operators most continuously focused in 2025, based on NordStellar’s analysis.
1. Manufacturing
NordStellar discovered practically one in 5 assaults in 2025 focused a producing firm, with 1,156 ransomware incidents on this sector — a 32% year-over-year enhance.
A current ransomware assault on Jaguar Land Rover introduced the luxurious automaker’s manufacturing actions to a halt for greater than a month. U.Ok. consultants have referred to as it essentially the most financially damaging cyberattack in nationwide historical past, costing the British economic system $2.5 billion.
2. Data know-how
The IT sector at the moment ranks second, accounting for 8.7% of ransomware incidents. In July 2025, for instance, know-how agency Ingram Micro suffered a ransomware assault that disrupted regular operations for a number of days. The SafePay ransomware group claimed accountability.
In a high-profile incident in 2021, the REvil gang focused Taiwan-based PC producer Acer and demanded one of many largest ransoms on document — $50 million. Whether or not the corporate paid the ransom is unknown.
3. Skilled, scientific and technical providers
Skilled, scientific and technical providers suppliers had been additionally continuously in ransomware operators’ crosshairs in current months, making up 8.2% of assaults.
In August 2025, ransomware disrupted operations at Inotiv, a pharmaceutical and biotechnology providers agency. The Qilin ransomware gang claimed accountability for the incident, by which attackers stole the private information of roughly 9,500 individuals.
4. Building and property
NordStellar researchers discovered 7.4% of ransomware assaults in 2025 focused organizations within the building and property sector.
In early 2024, ransomware operators hit mortgage lender LoanDepot, stealing the delicate private data of 16.6 million clients. The corporate later mentioned that it incurred greater than $41 million in attack-related bills within the first half of that 12 months.
5. Healthcare
Medical suppliers’ high-stakes work and widespread safety vulnerabilities make them a perennial goal of cybercriminals. In 2025, 5.7% of ransomware assaults focused healthcare organizations, NordStellar researchers discovered.
Ransomware incidents on this sector could be lethal. An assault on a hospital in Düsseldorf, Germany, as soon as compelled healthcare staff to ship a affected person with a life-threatening situation to a different hospital 20 miles away. The affected person died, though prosecutors later concluded the assault and subsequent delay didn’t play a task. Regardless, analysis strongly suggests ransomware assaults have already contributed to pointless deaths.
6. Monetary providers
One in 20 ransomware assaults in 2025 focused the monetary providers trade. A serious ransomware assault on this sector may have widespread, catastrophic results on the economic system and society at giant. New York’s Division of Monetary Providers has warned it may set off “the following nice monetary disaster” by crippling key organizations and eroding shopper confidence.
In 2019, the REvil ransomware gang hit overseas trade bureau Travelex, disrupting operations in dozens of nations and leaving banks and vacationers with out entry to funds for greater than every week. The incident, together with the COVID-19 pandemic, left the corporate in dire monetary straits, leading to 1,300 job cuts and insolvency administration proceedings.
7. Transportation, logistics, provide chain and storage
Ransomware incidents within the transportation, logistics, provide chain and storage sectors accounted for 4.9% of assaults final 12 months. Cybercriminals have lengthy seen organizations within the logistics sector as engaging ransomware targets. Virtually a decade in the past, for instance, a still-infamous NotPetya assault value Danish delivery large Maersk as much as $300 million in misplaced income.
8. Authorized
The authorized providers sector was additionally among the many 10 most focused industries in current months, accounting for 4.7% of all assaults, based on the NordStellar report. Main regulation corporations are engaging ransomware targets, as many possess extremely delicate information and are prone to have monetary assets to pay giant ransom calls for. Criminals may also victimize smaller authorized corporations with outdated or lackluster cybersecurity packages that make their networks comparatively simple to entry.
In February 2021, main regulation agency Campbell Conroy & O’Neil mentioned ransomware operators had accessed and encrypted system information that included delicate private data equivalent to Social Safety numbers and monetary data. The trial attorneys have represented quite a few Fortune 500 corporations, together with Boeing, FedEx, House Depot and Johnson & Johnson.
The earlier 12 months, a ransomware assault hit distinguished leisure agency Grubman Shire Meiselas & Sacks, which has represented superstar purchasers equivalent to Girl Gaga and Madonna.
9. Retail
The retail sector additionally accounted for 4.7% of assaults in 2025, tying with authorized. Sophos researchers discovered that exploited vulnerabilities have been the most typical root explanation for ransomware assaults on this sector for the previous three years.
A number of main British retailers sustained high-profile ransomware assaults in 2025, together with Marks & Spencer. The incident resulted in stolen buyer information and induced on-line and in-store operational disruptions, with the retail large later estimating prices of as much as $402 million.
10. Training
In line with NordStellar, academic organizations had been targets in 3.6% of ransomware assaults. In optimistic information, Sophos researchers discovered that median ransom calls for and funds on this sector each fell sharply in 2025. And whereas roughly half of training victims made ransom funds, the proportion of the preliminary calls for paid additionally fell 12 months over 12 months.
In 2022, 157-year-old Lincoln Faculty grew to become the primary American faculty to attribute its everlasting closure partly to a ransomware assault. The college additionally pointed to the COVID-19 pandemic as a contributing issue. More moderen targets embody Texas Tech College’s Well being Sciences Facilities, the Colorado Division of Larger Training and Bunker Hill Group Faculty in Boston.
Different industries
The whole variety of ransomware assaults is on the rise, with NordStellar researchers discovering proof on the darkish internet of 9,251 incidents in 2025 — up 45% over the earlier 12 months. Organizations from industries not talked about above had been targets in 27.8% of those assaults, underscoring an essential core fact: No firm, no matter dimension or sector, is immune.
Alissa Irei is senior web site editor of Informa TechTarget’s SearchSecurity web site.
