Ransomware resurgence: A call for heightened cyber vigilance

Ransomware attacks surged by 28% in September, with Industrials and critical infrastructure most vulnerable.

Ransomware incidents have climbed for the first time in half a year, registering a remarkable 28% increase month-on-month to 421 attacks. Although the total attack count remained under 500, this pattern could forecast a more severe escalation as the year's peak period for cybercrime approaches.

The Industrials sector endures as the foremost target of ransomware, comprising 29% (120) of all attacks in September. As the leading sector in Q3, with 30% (342) of attacks, Industrials remain a prime focus for cybercriminals, albeit the public frequently shifts its attention towards consumer-sector breaches.

Consumer Discretionary sectors, including automotive, retail, and leisure, endured 76 attacks, with Financials trailing in third place with 47 attacks. The adversaries' ongoing assaults on financial institutions underscore a strategy centred around acquiring financial data, a larger trend in ransomware to augment monetary gain.

North America and Europe bore the majority of global attacks, collectively at 75%, resulting in 317 incidents last month. A significant ransomware offensive on major European airports led to severe disruption. Airlines, impacted by the attack, had to shift to manual processes, causing delays, cancellations, and massive passenger queues. Such events starkly highlight the vulnerabilities inherent in vital infrastructure.

Qilin led the September surge, owning up to 14% (58) of the attacks, its dominance carrying through the quarter with 13% (151) of all assaults. Their focus on industries like Industrials and Consumer Discretionary – that are data-rich, financially rewarding, and supply-chain dependent – suggests a concerted strategy to induce operational turmoil and enforce extortion.

New threat actors, The Gentlemen and Interlock, have emerged. The advent of these groups heralds a transformation in the threat landscape, where smaller players amass influence using shared infrastructure and disclosed builder kits, illustrating the threat ecosystem's continuous evolution.

Geopolitical dynamics in September heightened global cyber threats, with notable events such as China's summit signaling a challenge to Western dominance, while Russian military exercises and ransomware tactics laid bare the ascending threat of hybrid warfare. In the Middle East, Israeli activities in Qatar and growing Palestinian recognition further elevated international tensions. Collectively, these developments delineate a fractious global sphere where ransomware and cyber maneuvers increasingly serve as instruments of strategic influence and disruption.

SonicWall reports a rise in cyber attacks against the UK healthcare sector, with a focus on dated...
According to research conducted by Cohesity in partnership with OnePoll, UK CEOs anticipate quick...
Tenable and OpenAI partner to harness AI in confronting evolving cyber threats and enhancing...
MCIM has introduced Operational Audits to help colocation providers improve operational readiness...
The Bristol refurbishment adds AI-ready capacity as part of nLighten's wider UK expansion programme.
DigiCert's UltraDNS has integrated Valimail’s DMARC monitoring for enhanced email security,...
A 2026 survey of IT leaders by Kore.ai finds that many enterprises report limited visibility and...
Cohesity has introduced Cohesity Maestro, a new platform built on the Model Context Protocol (MCP)...