From energy services to the healthcare system, the critical infrastructure sector has become a prime target for devastating ransomware attacks that can bring life as we know it to a standstill.

Trustwave SpiderLabs’ 2025 energy and utilities research report reveals that ransomware incidents in the energy and utilities industries rose by a staggering 80% in just one year.

Data from the Information Technology-Information Sharing and Analysis Center (IT-ISAC) indicate that this trend is ongoing. Attackers are increasingly targeting other critical infrastructure sectors, including manufacturing, commercial facilities, telecommunications, IT, financial services, and healthcare.

Ransomware has evolved from merely a “cyber crime issue” confined to the digital realm into a real-world kill switch. It has become a fundamental threat to business continuity, operational stability and corporate reputations, impacting entire economies and societies. So, what can your business do to mitigate the risks of this new form of ransomware and contribute to improving critical infrastructure security?

Why Is Critical Infrastructure the New Frontline?

In recent years, ransomware attacks have increased in frequency and complexity, causing significant disruptions across critical infrastructure sectors, including energy, water and healthcare.

Vital assets have become a prime target for ransomware groups due to the inherent value of these services. However, there are other motivations underpinning the escalating focus of ransomware groups on critical infrastructure, such as:

  • Dependence on uptime. Utilities, healthcare systems and government-related organisations depend heavily on continuous uptime. Any disruption can lead to significant financial losses and jeopardise public safety. As a result, these businesses are much more inclined to meet the demands of attackers, making them high-value targets for ransomware schemes.
  • Collateral damage. While money can be a significant concern, there are also non-financial costs to consider. For instance, a successful cyber attack on an energy provider would have a snowball effect on all private businesses relying on its critical services for their operations. It could leave entire populations without power and communications, amplifying the incident’s impact.
  • Geopolitical factors. Increased global instability and the rise of high-profile, state-sponsored cyber crime are also driving this surge of attacks. That is putting businesses at the frontline of cyber wars. Hacktivism has transformed traditional ransomware into a tool of warfare where money isn’t the only factor. Attackers are now driven and influenced by ideology and politically motivated agendas. Healthcare facilities, for instance, hold vast amounts of sensitive data and are critical to public welfare. These characteristics make them especially appealing to cyber criminals seeking both financial gain and the opportunity to inflict widespread disruption.

It is essential to understand that these critical infrastructure incidents aren’t random or a consequence of sloppy attacks. They are meticulously orchestrated to maximise impact and ROI and to pressure businesses (or states) into compliance.

To do so, ransomware groups leverage ransomware-as-a-service (RaaS) and the power of artificial intelligence (AI) to exploit vulnerabilities that may have gone unchecked, such as ageing infrastructure, IoT devices, or poor cyber security hygiene.

Recent High-Profile Attacks: Different Incidents, Same Vulnerabilities

In the second quarter of 2025, BlackFog reported a 65% increase in publicly disclosed ransomware attacks compared to the same period in 2024. The healthcare sector was the worst affected.

Recent high-profile cyber attacks have underscored the vulnerabilities inherent in many businesses and revealed the extensive repercussions that can follow such breaches.

While specific incidents may vary, their impact is incredibly similar. When critical systems go offline due to ransomware or other malicious activities, the immediate effects are evident:

  • Significant service downtime. Disruptions to critical services have already led to delays in emergency responses in healthcare and public utilities. They have directly affected patients in healthcare facilities or caused energy shortages in communities, generating chaos. In some cases, ambulances were diverted and traffic control systems were disrupted.
  • Erosion of public trust. When essential services such as power and clean water falter as a result of a cyber security incident, people begin to lose confidence in the impacted businesses, systems and governments that are supposed to protect them. This loss of trust can lead to long-term reputational damage, pushing customers to seek alternatives.
  • Financial losses. According to Claroty, $500,000 is the minimum financial loss reported by 45% of critical infrastructure businesses affected by a cyber attack on cyber-physical systems (e.g., IoT devices, medical devices and process control systems). Beyond the substantial ransom payouts and the costs of recovery, businesses often face increased scrutiny from regulators. In addition, legal fees and fines may further cripple businesses already struggling to recover.
  • Policy consequences. Most significant incidents have often led to regulatory changes and higher security standards. The recently amended White House Cyber security Executive Orders and the upcoming UK Cyber Security and Resilience Bill (CSRB) are just two examples of such changes. The continuous evolution of regulations makes it challenging for businesses to keep up. They must frequently adjust their operations, resulting in additional costs.
  • Ripple effect. The implications of ransomware go beyond the initial breach. They create a precarious environment that jeopardises entire industries.
    Ransomware attacks on energy producers, for instance, can quickly affect the global supply chain. They can cause manufacturing delays, shortages, panic buying and higher energy prices. Moreover, when a key provider or necessary service is compromised, it doesn’t matter if the malware impacts only the business’s IT systems. Partners and stakeholders relying on the compromised software will pay the price for it too.

Overall, these attacks are a reminder that investing in robust cyber security measures is not only a business concern. It’s a vital strategy that any business should follow.

Private Businesses as Collateral Damage: The Hidden Risk of Critical Infrastructure Attacks

Even if major ransomware groups are shifting their attention to essential services, it doesn’t mean that businesses in other sectors shouldn’t be concerned.

Digitalisation and the growing reliance on interconnected services (e.g., cloud infrastructure) and devices have increased the risk of collateral damage. Examples include:

  • Supply chain disruptions. A logistics provider hit by a ransomware attack will have a domino effect on all customers and partners relying on its services. They may experience delays that, in turn, will have a direct impact on their operations, revenue and customer satisfaction.
  • Medium-sized businesses used as “soft targets”. Medium-sized businesses increasingly rely on larger third-party vendors and contractors. Ransomware groups often exploit their sometimes weaker security defences as easy entry points to gain access to critical infrastructure networks of larger businesses.
  • Internet of Things (IoT) devices. The rapid adoption of IoT devices, such as security cameras, printers, sensors and routers, has opened a new array of potential backdoors for cyber criminals. These devices usually lack built-in security features and aren’t constantly monitored. Thus, they allow threat actors to infiltrate networks undetected and move laterally to hit more critical targets.

Ultimately, resilience is no longer a concern unique to the critical infrastructure industry. It impacts every business of any size and spans all sectors. As a result, critical infrastructure security has become a collective concern that requires resilience, a comprehensive cyber security strategy and proactive, collaborative efforts between industries.

The Evolution of Ransomware: From Encryption to Advanced Technology

Ransomware groups are becoming increasingly sophisticated in their attack methodologies, adapting to new technologies and weaknesses. Ransomware has transformed from simple data encryption into flexible and technologically advanced tactics designed to bypass the latest cyber security measures and get the most out of each attack. These tactics include:

  • Double extortion. Malware like Medusa ransomware doesn’t only encrypt the victim’s data. It also steals sensitive information and threatens to make it public unless a ransom is paid. So, even if you have a backup of the data, your business’s reputation is still at risk, pressuring you to pay the ransom.
  • Targeting cloud and IoT infrastructure. As previously mentioned, the integration of cloud-based services and the exponential growth of IoT devices dramatically increase the attack surface. This makes it easier for attackers to find vulnerabilities and increases their chance of success.
  • Exploiting remote work technologies and weaknesses. Remote workers are easy targets. They often use outdated and/or unpatched personal devices (BYOD), insecure networks (e.g., public Wi-Fi) and unvetted applications that can be easily exploited by cyber criminals.
  • Automation and AI use. 80% of ransomware attacks analysed by MIT Sloan leveraged some form of AI. AI tools and automation are changing the nature of cyber attacks. They allow malicious actors to scale and launch faster and more effective offensives.

In summary, ransomware groups are professionalising their operations. Through strategic planning and the weaponisation of AI and business models such as RaaS, they have shifted to a more business-like approach.

This revolutionary change raises the stakes for businesses. They must now adapt to a landscape where cyber threats are more organised, aggressive and sophisticated than ever before.

Building Resilience: 4 Must-Have Strategies for Leaders

Securing systems against this new generation of cyber attacks isn’t limited to identifying threats. When the worst happens, businesses must also know how to respond efficiently while keeping the lights on.

Business leaders are at the forefront of this challenge. Through a proactive and holistic approach, they can embed resilience into the business’s DNA, making it an integral part of the overarching business strategy.

  • Invest in threat detection. Prioritise advanced threat detection and AI-driven monitoring tools. These systems enhance your ability to identify anomalies and respond to potential threats in real time. Additionally, you will get data-driven insights to help you make informed strategic decisions.
  • Test your incident response plans. Implement regular testing of your incident response plans. Request the board’s approval. That will help you ensure that everyone in the organisation is on board and understands their roles and responsibilities. It will foster collaboration and a unified response during incidents.
  • Collaborate with peers and regulators. Periodically engage in meaningful conversations with industry peers, experts and regulators who are at the forefront of cyber security. Participating in events, cross-industry forums and conferences will allow you to exchange cyber security insights, experiences and strategies. You will gain practical know-how that will help you better anticipate threats, mitigate risks and create a more resilient cyber defence strategy.
  • Foster a culture of security. Promote a culture of security across all organisational levels. Employees are your first line of defence, but they can also become your biggest threat. Continuously educate your staff about security protocols and best practices. When everyone, from the top down, prioritises security, your business’s data, reputation and customers are more protected against potential threats.

Ultimately, leadership buy-in is essential. As a leader, you can’t just allocate resources toward resilience-building efforts. You must show an unwavering commitment to risk management and ensure that resilience becomes a strategic priority rather than an afterthought.

The journey may be challenging, but the rewards, such as business continuity, customers’ trust and increased reputation, are worth the effort.

Navigating the Storm: How a Trusted Partner Can Be a Game-Changer

The evolution of ransomware and the array of technologically advanced cyber risks emphasise how important it is for businesses to stay on guard and be resilient.

However, resilience is not just about implementing a one-off solution. It hinges on a sustained partnership with trusted providers. In such a complex threat landscape, businesses have to deal with direct and indirect risks. Breaches can have far-reaching consequences for entire industries; therefore, a strategic approach and a trusted partner like Acora play a pivotal role.

Collaborating with our experts, you will unlock:

  • Invaluable threat intelligence. Get insights into emerging threats and vulnerabilities to help you proactively adapt your defences against these new cyber security challenges.
  • An AI-specialised partner. Partners who specialise in AI-enabled security monitoring enhance your ability to detect anomalies and respond swiftly to incidents.
  • Business continuity planning. We work with you to develop and implement a business continuity plan that facilitates operational stability and resilience.
  • Managed detection and response. Our dedicated cyber security services, such as managed detection and response and early warning systems, will further bolster your security posture and ensure quicker and more effective incident management.

So, avoid becoming the low-hanging fruit as cyber threats grow. Proactively engage with trusted partners like Acora to turn operational resilience into opportunity and thrive in a volatile world.