Ransomware Attacks On The Energy Sector Surging

Cyber attacks on the energy sector are increasing significantly, mainly because of geopolitical and technological factors.

A report published by Sophos, which surveyed 275 cyber security and IT leaders from the energy, oil/gas, and utilities sector, across 14 countries, found 67% of respondents saying that their organisations had suffered a ransomware attack in the last year.

While Sophos’ figure remained steady year-over-year, a January 2025 report from Trustwave says that ransomware attacks targeting the energy and utilities sectors increased by 80% in 2024 compared to 2023.

Most of these hacks have managed to compromise IT environments, rather than more critical Operational Technology (OT) networks, but the threat to OT is significantly increasing. However, ransomware is just one aspect of the broader energy-sector threat landscape. 

Hacktivism is another major threat aimed at energy firms, with ideologically motivated adversaries linked to Russia and anti-Israel groups publicising alleged compromises of various victims’ OT networks. Nation-state espionage hackers linked to China, Iran, and North Korea have also been targeting the energy sector, including nuclear facilities.

These cyber-espionage campaigns are primarily driven by geopolitical considerations, as tensions shaped by the Russo-Ukraine war, the Gaza conflict, and the US power struggle with China are projected into cyber space. 

With hostilities rising, rival nations are attempting to demonstrate their cyber-military capabilities by penetrating Western critical infrastructure networks. Fortunately, these nation-state campaigns have overwhelmingly been limited to espionage, as opposed to genuinely damaging Stuxnet-style attacks intended to cause harm in the physical realm. 

A secondary driver of increasing cyber attacks against energy targets is technological transformation, marked by cloud adoption, which has largely mediated the growing convergence of IT and OT networks. 

OT-IT convergence across critical infrastructure sectors has thus made networked industrial Internet of Things (IIoT) appliances and systems more penetrable to threat actors. Specifically, researchers have observed that adversaries are using compromised IT environments as staging points to move into OT networks. Compromising OT can be particularly lucrative for ransomware actors, because this type of attack enables adversaries to physically paralyse energy production operations, empowering them with the leverage needed to command higher ransom sums. 

In cyber-military or cyber-terrorist scenarios, the sabotage of OT systems can be catastrophic for physical environments and human life.

Another technological trend that has transformed the threat environment for energy firms is rapidly advancing AI adoption. Not only has AI lowered the barriers to entry for certain types of attack campaigns, but the growing integration of AI with energy sector networks has introduced a maelstrom of new cyber-risk scenarios. This trend has hit the nuclear sector: Constellation Energy, the largest nuclear energy generator in North America, said in 2022 that they were “looking at AI to decrease our customers’ energy costs and to optimise the many tasks they perform on a regular basis.”

At the same time, recent announcements from AI and cloud-focused technology firms, including Microsoft, Meta, and Google, indicate that they have plans to use nuclear-generated energy to power their future data centres.

The North American Electric Reliability Corporation (NERC), a non-profit international regulatory authority that enforces industry standards in the US and Canada, said in 2024 that American power grids are becoming increasingly vulnerable to cyber attacks. According to NERC, the number of susceptible points in electrical networks is growing by about 60 per day.

A Reuters report on NERC’s warning noted that “geopolitical conflict, including Russia's invasion of Ukraine and the war in Gaza, have dramatically increased the number of cyber threats to North American power grids.”

Also, a forthcoming report on cyber threats targeting energy operators from Resecurity will examine recent Dark Web activity, highlighting adversary claims of successful breaches impacting this critical infrastructure sector. This report will present findings collected by Resecurity’s HUNTER threat intelligence unit across ransomware-related incidents, access brokers, hacktivist leaks, and breaches specifically targeting the nuclear sector.

Sophos | Resecurity | Trustwave | Constellation | Reuters

Image: Keattisak A
