Ransomware Attacks On The Energy Sector Surging

Cyber attacks on the energy sector are increasing significantly, driven mainly by geopolitical and technological factors.

A report published by Sophos, which surveyed 275 cyber security and IT leaders from the energy, oil and gas, and utilities sectors across 14 countries, found that 67% of respondents said their organisations had suffered a ransomware attack in the last year.

While Sophos’ figure remained steady year-over-year, a January 2025 report from Trustwave says that ransomware attacks targeting the energy and utilities sectors increased by 80% in 2024 compared to 2023.

Most of these attacks have compromised IT environments rather than the more critical Operational Technology (OT) networks, but the threat to OT is growing significantly. Ransomware, however, is only one aspect of the broader energy-sector threat landscape.

Hacktivism is another major threat aimed at energy firms, with ideologically motivated adversaries linked to Russia and anti-Israel groups publicising alleged compromises of various victims’ OT networks. Nation-state espionage hackers linked to China, Iran, and North Korea have also been targeting the energy sector, including nuclear facilities.

These cyber-espionage campaigns are driven primarily by geopolitical considerations, as the tensions created by the Russia-Ukraine war, the Gaza conflict and the US power struggle with China are projected into cyberspace.

With hostilities rising, rival nations are attempting to demonstrate their cyber-military capabilities by penetrating Western critical infrastructure networks. Fortunately, these nation-state campaigns have overwhelmingly been limited to espionage rather than genuinely destructive, Stuxnet-style attacks intended to cause harm in the physical realm.

A secondary driver of increasing cyber attacks against energy targets is technological transformation, in particular cloud adoption, which has largely enabled the growing convergence of IT and OT networks.

IT-OT convergence across critical infrastructure sectors has thus made networked Industrial Internet of Things (IIoT) devices and systems more exposed to threat actors. Specifically, researchers have observed adversaries using compromised IT environments as staging points from which to move into OT networks. Compromising OT can be particularly lucrative for ransomware actors, because it allows them to physically halt energy production operations, giving them the leverage needed to demand higher ransom sums.
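The IT-to-OT pivot described above leaves a footprint at the zone boundary: a corporate host that was never meant to touch the control network suddenly opens RDP or SMB to an engineering workstation, or speaks Modbus directly to a PLC. The script below is an added example, not code from this page or from any of the reports it cites; the IT and OT subnets, the sanctioned jump host address, the port table and the log lines are all constructed assumptions chosen to illustrate the check a defender would run over firewall flow logs at that boundary.

```python
"""Flag IT-to-OT boundary crossings in firewall flow logs.

Added example. The zone layout, jump host, ports, log format and sample
lines are constructed for illustration and are not taken from any source
cited on the page.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed network layout (constructed): corporate IT and the OT/ICS zone.
IT_ZONES = [ipaddress.ip_network("10.10.0.0/16")]
OT_ZONES = [ipaddress.ip_network("192.168.100.0/24")]

# The only IT-side host sanctioned to open remote-access sessions into OT
# (a DMZ jump host; address is an assumption).
ALLOWED_IT_SOURCES = {ipaddress.ip_address("10.10.250.5")}

# Default ports of common industrial protocols, and remote-access ports
# typically abused to pivot from a compromised IT host into OT.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}
PIVOT_PORTS = {22: "SSH", 445: "SMB", 3389: "RDP", 5900: "VNC"}

# Constructed log format: key=value pairs, one flow per line.
LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=(?P<proto>\w+)\s+"
    r"dport=(?P<dport>\d+)\s+action=(?P<action>\w+)"
)


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    dport: int
    reason: str


def in_zones(addr, zones):
    return any(addr in net for net in zones)


def parse(line):
    """Return (src, dst, proto, dport, action) or None for an unparseable line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return (ipaddress.ip_address(d["src"]), ipaddress.ip_address(d["dst"]),
            d["proto"].lower(), int(d["dport"]), d["action"].lower())


def classify(line):
    """Return an Alert for a suspicious IT->OT crossing, else None."""
    rec = parse(line)
    if rec is None:
        return None
    src, dst, proto, dport, action = rec
    if not (in_zones(src, IT_ZONES) and in_zones(dst, OT_ZONES)):
        return None  # traffic that never crosses the IT/OT boundary
    if action != "allow":
        # A blocked crossing is still worth surfacing: it is how an IT
        # foothold looks when it starts probing for the control network.
        return Alert(str(src), str(dst), dport,
                     f"blocked IT->OT probe on {proto}/{dport}")
    if src in ALLOWED_IT_SOURCES and dport in PIVOT_PORTS:
        return None  # sanctioned jump host doing sanctioned remote access
    if dport in ICS_PORTS:
        reason = f"IT host speaking {ICS_PORTS[dport]} directly to OT"
    elif dport in PIVOT_PORTS:
        reason = f"unsanctioned {PIVOT_PORTS[dport]} from IT into OT"
    else:
        reason = f"unexpected IT->OT flow on {proto}/{dport}"
    return Alert(str(src), str(dst), dport, reason)


def scan(lines):
    """Run classify() over an iterable of log lines and collect the alerts."""
    return [a for a in (classify(line) for line in lines) if a is not None]


# Constructed sample log: two benign flows, the sanctioned jump host, a
# compromised IT workstation pivoting over RDP and then talking Modbus,
# a blocked S7 probe, and one line the parser cannot read.
SAMPLE_LOG = [
    "src=10.10.5.23 dst=10.10.7.8 proto=tcp dport=445 action=allow",
    "src=10.10.250.5 dst=192.168.100.12 proto=tcp dport=3389 action=allow",
    "src=10.10.5.23 dst=192.168.100.12 proto=tcp dport=3389 action=allow",
    "src=10.10.5.23 dst=192.168.100.20 proto=tcp dport=502 action=allow",
    "src=192.168.100.20 dst=192.168.100.21 proto=tcp dport=502 action=allow",
    "src=10.10.5.23 dst=192.168.100.30 proto=tcp dport=102 action=deny",
    "kernel: link up on eth1",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert.src} -> {alert.dst}:{alert.dport}  {alert.reason}")
```

The allow-list is deliberately narrow: the jump host is excused only for remote-access ports, so even it raises an alert if it starts speaking Modbus or S7comm, which a jump host has no business doing. On a real boundary firewall the same logic would be fed from the device's own log format rather than the constructed key=value lines used here.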

In cyber-military or cyber-terrorist scenarios, the sabotage of OT systems can be catastrophic for physical environments and human life.

Another technological trend that has transformed the threat environment for energy firms is rapidly advancing AI adoption. Not only has AI lowered the barriers to entry for certain types of attack campaign, but the growing integration of AI into energy sector networks has introduced a maelstrom of new cyber-risk scenarios. This trend has reached the nuclear sector: Constellation Energy, the largest nuclear energy generator in North America, said in 2022 that it was “looking at AI to decrease our customers’ energy costs and to optimise the many tasks they perform on a regular basis.”

At the same time, recent announcements from AI and cloud-focused technology firms, including Microsoft, Meta, and Google, indicate that they have plans to use nuclear-generated energy to power their future data centres.

The North American Electric Reliability Corporation (NERC), a non-profit international regulatory authority that enforces industry standards in the US and Canada, said in 2024 that American power grids are becoming increasingly vulnerable to cyber attacks. According to NERC, the number of susceptible points in electrical networks is growing by about 60 per day.

A Reuters report on NERC’s warning noted that “geopolitical conflict, including Russia's invasion of Ukraine and the war in Gaza, have dramatically increased the number of cyber threats to North American power grids.”

A forthcoming report from Resecurity on cyber threats targeting energy operators will examine recent Dark Web activity, highlighting adversary claims of successful breaches affecting this critical infrastructure sector. The report will present findings collected by Resecurity’s HUNTER threat intelligence unit across ransomware-related incidents, access brokers, hacktivist leaks, and breaches specifically targeting the nuclear sector.

Sources: Sophos | Resecurity | Trustwave | Constellation | Reuters

Image: Keattisak A
