Ransomware's favorite target in 2025 and what you can do about it

Ransomware crews have a clear favorite target in 2025: factories. New data shows manufacturing soaking up the lion’s share of industrial attacks this year, as criminals pivot between software flaws and stolen logins to break in – and as schools and local governments shoulder increasingly visible collateral damage.

How attackers get in is shifting – but not as fast as defenders might hope. The State of Ransomware 2025 report from Sophos finds exploited software vulnerabilities remain the single most common technical root cause for victims, ahead of compromised credentials and malicious email.

At the same time, CrowdStrike’s Global Threat Report 2025 flags a sharp rise in “malware-free, identity-based” intrusions, with adversaries increasingly logging in rather than hacking in. As with all things to do with cybersecurity, humans are the problem in the loop. Abusing valid accounts, remote management tools, and legacy authentication are all exploited by criminals.

Public guidance from the US Cybersecurity and Infrastructure Security Agency’s StopRansomware Guide says it’s important for organisations to shore up their two major risk points: vulnerabilities and identity. In practice, that means keeping up with patches on VPNs, firewalls, and remote access tools, while maintaining strict control over remote access software, and using phishing-resistant multi-factor authentication.

To read the complete article see: Ransomware’s favorite target in 2025 :muscle: