Ransomware attacks against the global energy sector surged in 2025, with 187 confirmed incidents causing system encryption, data theft, operational disruptions, and multimillion-dollar losses. Organized ransomware groups and access brokers exploited legacy OT, IT‑OT convergence, and slow patching; names tied to this activity include FrostyGoop, RansomHub, and Zerosevengroup.
#FrostyGoop #RansomHub #Zerosevengroup #Halliburton #ABB_ASPECT
Key points
- There were 187 confirmed ransomware attacks in the energy and utilities sector during 2025, causing encryption, data exfiltration, and service disruption.
- RansomHub, Akira, and Play were among the most active ransomware groups, collectively accounting for a significant share of incidents.
- Legacy OT, IT‑OT convergence, and widely distributed assets create persistent vulnerabilities across energy infrastructure.
- Initial access brokers such as Zerosevengroup, mommy, and Miyako amplified attacks by selling privileged network access.
- Effective defenses include network segmentation, faster patch management, monitoring underground markets, offline backups, and incident preparedness.
Read More: https://thecyberexpress.com/energy-sector-ransomware-threats-2025/