New data from the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC) shows a sharp rise in ransomware activity in 2025. The groups Qilin, Akira, CL0P, Play, and Lynx led many of these attacks on the food and agriculture sector.
In collaboration with IT-ISAC, Food and Ag-ISAC reported around 6,377 ransomware incidents across various sectors, marking an astonishing 82% increase from 2024’s 3,508 cases. Since their monitoring began in 2020, this initiative has tracked over 15,265 ransomware incidents using automated tools to gather data from public breach disclosures, RSS feeds, dark web sites, and internal intelligence.
The Food and Ag-ISAC’s database is a valuable resource for its members. It helps analyze trends and identify new threats. When significant dangers arise, ISACs create detailed attack playbooks, now totaling over 330. These guides outline tactics to boost detection and response in critical infrastructure.
“It’s concerning that the food and agriculture sector endured 265 attacks in 2025,” said Food and Ag-ISAC. This represented 4.2% of all ransomware incidents across critical sectors. While this is lower than other sectors, the growing number of victims is alarming. The tightly-knit supply chains in this industry mean that ransomware attacks can have severe consequences. Interestingly, 2024 and 2025 saw consistent monthly attack rates, with spikes noted in January, February, and December of 2025, largely due to CL0P exploiting system vulnerabilities.
In comparison, critical manufacturing endured the most attacks, with 1,440 incidents accounting for 22.7% of all ransomware cases. The commercial facilities sector followed closely with 1,107 attacks (17.5%), while the IT sector experienced 746 incidents (11.8%). Healthcare suffered 580 attacks (9.2%), and the financial sector saw 463 cases (7.3%).
Most notably, the U.S. was a hotspot, recording 3,311 ransomware incidents in 2025, which is about 52.1% of global attacks. Other nations reported fewer than 300 incidents, with each being less than 5% of the total. This highlights the U.S.’s prominence as a target for cybercriminals due to its robust digital landscape and high-value targets.
The leading ransomware groups—Qilin, Akira, CL0P, Play, and Lynx—were responsible for nearly 50% of attacks within the food and agriculture sector in 2025. Their tactics usually involve scanning for vulnerable systems, using social engineering, and opportunistically targeting exposed organizations. CL0P, however, directed a significant 9.3% of its attacks at the food and agriculture sector, more than double the average for other groups.
Looking ahead to 2026, the Food and Ag-ISAC expects ransomware threats to continue evolving. The rise of smaller, specialized ransomware groups could increase risks as they are more difficult for authorities to track. Interestingly, the number of active ransomware groups surged by nearly 50% in 2025.
Distributed denial-of-service (DDoS) attacks are reappearing as a tool for ransomware operators. These actors often combine DDoS attacks with ransomware to create further chaos after breaching systems, keeping websites and applications offline even after data is restored.
Targeting critical infrastructure remains a focus for ransomware actors. Attacks on platforms like VMware ESXi can disrupt numerous organizations at once, demonstrating the widespread impact of a single compromised host. Additionally, they are increasingly targeting software-as-a-service and managed service providers, as breaches in these areas can cause widespread damage across interconnected supply chains.
In August 2023, two ransomware attacks were confirmed in the food and beverage sector, underscoring ongoing vulnerabilities. The American Farm Bureau Federation is now partnering with Food and Ag-ISAC to bolster cybersecurity defenses for farmers and ranchers, providing valuable resources and guidance across the agriculture industry.
For more insights on cyber threats and defenses, check out this report.
Source link
Akira,Cl0p,DDoS,Food and Ag-ISAC,food and agriculture,Lynx,Play,Qilin,Ransomware attacks
