World sees a steep surge in ransomware attacks with the US leading the way, witnessing an increase of nearly 150 percent.
=====================================================================================
The oil and gas sector has seen a dramatic increase in ransomware attacks, with the United States being the primary target for roughly half of these attacks. According to Zscaler's 2025 Ransomware Report, ransomware attacks in the US have spiked by 146% in the last year.
The surge in attacks is mainly due to the sector's increased automation and digitization of industrial control systems, which expands the attack surface and exposes critical infrastructure such as drilling rigs and pipelines. This trend is concerning as ransomware actors are now prioritizing data theft over encryption, leading to a massive increase in data stolen – a 92% rise compared to the previous period, totaling 238 terabytes stolen from April 2024 to April 2025.
Three leading ransomware groups – RansomHub, Akira, and Clop – are responsible for the majority of these attacks, with 833, 520, and 488 victims respectively. Cybercriminals are deploying more sophisticated tactics, including "double extortion," where attackers not only encrypt data but also steal sensitive information and threaten to leak it if ransoms are not paid.
The growing reliance on automation and digital technologies in operations increases vulnerabilities, and outdated cybersecurity practices in the sector that fail to address modern threat vectors contribute to this problem. Additionally, the use of advanced tools like generative AI to enhance and speed up phishing, malware creation, and other attack methods makes campaigns more targeted and automated.
The impact of these attacks is significant. Potential operational shutdowns and disruptions to energy supplies caused by ransomware-induced outages, financial losses due to ransom payments and recovery costs, and longer-term reputational damage are just a few of the consequences. Exposure risks from data leaks threaten business confidentiality, safety protocols, and regulatory compliance.
To combat these threats, businesses are advised to upgrade and modernize their cybersecurity frameworks, tailoring them to industrial control systems and operational technology (OT). Essential preventive measures include implementing Zero Trust security models, enhancing employee training, conducting regular vulnerability assessments and patching third-party software, strengthening collaboration between private sector cybersecurity teams and law enforcement, and establishing comprehensive incident response plans.
The U.S. is disproportionately affected, with 3,671 attacks, more than all other top 14 affected countries combined. This underscores the urgent need for the oil and gas sector to evolve its cybersecurity defenses in the face of rapidly escalating ransomware threats. Zscaler advises businesses to combat these threats by adopting a cloud-native, AI-driven, zero-trust architecture.
- The surge in ransomware attacks in the oil and gas sector, particularly in the United States, is due in part to the sector's increased use of technology in its operations, which raises both the attack surface and the risk of data theft.
- To combat the escalating ransomware threats in the oil and gas sector, businesses must modernize their cybersecurity frameworks to include zero-trust security models, enhance employee training, and implement cloud-native, AI-driven architectures.