<p>Manufacturing remained ransomware operators’ most-targeted sector heading into 2026, according to analysis by threat researchers at cybersecurity services provider NordStellar. Other top targets by industry include IT firms, professional services providers and construction companies.</p>
<p>Note, however, that — as for-profit businesses — ransomware gangs constantly adapt to shifting market conditions, victimizing any organizations they see as both relatively vulnerable and likely to pay. With that caveat in mind, what follows are the 10 industries that ransomware operators most frequently targeted in 2025, according to NordStellar’s <a target=”_blank” href=”https://nordstellar.com/blog/ransomware-statistics/” rel=”noopener”>research</a>.</p>
<section class=”section main-article-chapter” data-menu-title=”1. Manufacturing”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>1. Manufacturing</h2>
<p>NordStellar found nearly one in five attacks in 2025 targeted a manufacturing company, with 1,156 ransomware incidents in this sector — a 32% year-over-year increase.</p>
<p>A recent ransomware attack on Jaguar Land Rover brought the luxury automaker’s manufacturing activities to a halt for more than a month. U.K. experts have called it the most financially damaging cyberattack in national history, <a target=”_blank” href=”https://www.cybersecuritydive.com/news/jaguar-land-rover-attack-british-economy-25-billion/803491/” rel=”noopener”>costing the British economy $2.5 billion</a>.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”2. Information technology”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>2. Information technology</h2>
<p>The IT sector currently ranks second, accounting for 8.7% of ransomware incidents. In July 2025, for example, technology firm <a target=”_blank” href=”https://www.cybersecuritydive.com/news/ingram-micro-restores-global-operations-hack/752708/” rel=”noopener”>Ingram Micro suffered a ransomware attack</a> that disrupted normal operations for several days. The SafePay ransomware group claimed responsibility.</p>
<p>In a high-profile incident in 2021, the REvil gang targeted Taiwan-based PC manufacturer Acer and demanded one of the largest ransoms on record — $50 million. Whether the company paid the ransom is unknown.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”3. Professional, scientific and technical services”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>3. Professional, scientific and technical services</h2>
<p>Professional, scientific and technical services providers were also frequently in ransomware operators’ crosshairs in recent months, making up 8.2% of attacks.</p>
<p>In August 2025, <a target=”_blank” href=”https://www.cybersecuritydive.com/news/inotiv-confirm-cyberattack-data-theft/807277/” rel=”noopener”>ransomware disrupted operations at Inotiv</a>, a pharmaceutical and biotechnology services firm. The <a target=”_blank” href=”https://www.darkreading.com/cyberattacks-data-breaches/extortion-gangs-join-forces-ransomware-cartel” rel=”noopener”>Qilin ransomware gang</a> claimed responsibility for the incident, in which attackers stole the personal data of roughly 9,500 people.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”4. Construction and property”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>4. Construction and property</h2>
<p>NordStellar researchers found 7.4% of ransomware attacks in 2025 targeted organizations in the construction and property sector.</p>
<p>In early 2024, <a target=”_blank” href=”https://www.cybersecuritydive.com/news/loandepot-ransomware-exposes-17M-people/705169/” rel=”noopener”>ransomware operators hit mortgage lender LoanDepot</a>, stealing the sensitive personal information of 16.6 million customers. The company later said that it incurred <a target=”_blank” href=”https://www.cybersecuritydive.com/news/loandepot-net-loss-cyber-settlement-q2/723838/” rel=”noopener”>more than $41 million in attack-related expenses</a> in the first half of that year.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”5. Healthcare”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>5. Healthcare</h2>
<p>Medical providers’ high-stakes work and widespread security vulnerabilities make them a perennial target of cybercriminals. In 2025, 5.7% of ransomware attacks targeted healthcare organizations, NordStellar researchers found.</p>
<p>Ransomware incidents in
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: