Ransomware Slowdown Masks Rise in Nation-State Attacks on Infrastructure

Ransomware Slowdown Masks Rise in Nation-State Attacks on Infrastructure

First seen 27 Mar 2026, 15:16 UTC Industrialcyber.CoDarkreading 70% similarity 60.0

Article Content

Browse articles
ThreatCluster

The Waterfall Threat Report 2026 reveals a 25% decrease in cyber breaches with physical consequences, dropping to 57 incidents in 2025 from 76 in 2024. This decline is attributed to a temporary slowdown in ransomware activity, which has historically been the primary threat to operational technology (OT) systems. Despite the overall decrease, nation-state and hacktivist attacks doubled in 2025, with many linked to the ongoing conflict related to the Russian invasion of Ukraine. Significant incidents included a major production shutdown at Jaguar Land Rover and disruptions at Collins Aerospace. The report indicates that the majority of attacks in the 'Unknown' category are likely ransomware-related, as there were no claims made by hacktivists or details contradicting this theory. The report emphasizes the need for improved cybersecurity measures, particularly for vulnerable OT systems, as attackers exploit basic security oversights. The trend raises concerns about the potential for more sophisticated attacks in the future.

Key Points: • Cyber breaches with physical consequences fell by 25% in 2025, totaling 57 incidents. • Nation-state and hacktivist attacks doubled, largely linked to the Russia-Ukraine conflict. • Ransomware remains a significant threat, with many attacks categorized as 'Unknown' likely being ransomware-related.

ThreatCluster AI

Timeline

2025-01-01
Start of 2025 with ongoing ransomware activity
2025-01-10
Major production shutdown at Jaguar Land Rover
2025-01-15
Disruption at Collins Aerospace due to cyber incident
2025-12-31
End of 2025 with 57 recorded OT cyber incidents
2026-03-27
Waterfall Threat Report 2026 published

Community

Browse all →