Ransomware Attacks On The Energy Sector Surging

Cyber attacks on the energy sector are significantly increasing mainly because of geo-political and technological factors. 

A report published by Sophos, which surveyed 275 cyber security and IT leaders from the energy, oil/gas, and utilities sector across 14 countries, found that 67% of respondents said their organisations had suffered a ransomware attack in the last year.

While Sophos’ figure remained steady year-over-year, a January 2025 report from Trustwave says that ransomware attacks targeting the energy and utilities sectors increased by 80% in 2024 compared to 2023.

Most of these hacks have compromised IT environments rather than the more critical Operational Technology (OT) networks, but the threat to OT is significantly increasing. However, ransomware is just one aspect of the broader energy-sector threat landscape.

Hacktivism is another major threat aimed at energy firms, with ideologically motivated adversaries linked to Russia and anti-Israel groups publicising alleged compromises of various victims’ OT networks. Nation-state espionage hackers linked to China, Iran, and North Korea have also been targeting the energy sector, including nuclear facilities.

These cyber-espionage campaigns are primarily driven by geopolitical considerations, as tensions shaped by the Russo-Ukraine war, the Gaza conflict, and the US power struggle with China are projected into cyber space. 

With hostilities rising, rival nations are attempting to demonstrate their cyber-military capabilities by penetrating Western critical infrastructure networks. Fortunately, these nation-state campaigns have overwhelmingly been limited to espionage, as opposed to genuinely damaging Stuxnet-style attacks intended to cause harm in the physical realm. 

A secondary driver of increasing cyber attacks against energy targets is technological transformation, marked by cloud adoption, which has largely mediated the growing convergence of IT and OT networks. 

OT-IT convergence across critical infrastructure sectors has thus made networked industrial Internet of Things (IIoT) appliances and systems more penetrable to threat actors. Specifically, researchers have observed that adversaries are using compromised IT environments as staging points to move into OT networks. Compromising OT can be particularly lucrative for ransomware actors, because this type of attack enables adversaries to physically paralyse energy production operations, empowering them with the leverage needed to command higher ransom sums. 
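The staging pattern described above, IT compromise followed by a move into OT, is something network defenders can look for at the segmentation boundary. The following is an added example, not code from the article or any of the cited vendors: it reads constructed flow-log lines, maps source and destination addresses to assumed IT/OT/DMZ zones, and flags any flow that crosses directly from the IT zone into the OT zone, with a sharper reason when the destination port is an industrial protocol or a remote-administration service. The zone subnets, the port table and the log format are all assumptions chosen for illustration.

```python
"""Added example (not from the article): flag IT-to-OT boundary crossings in
constructed flow logs. Zone subnets, port table and log format are assumptions."""
import ipaddress
from collections import namedtuple

# Assumed Purdue-style layout: corporate IT, a historian/broker DMZ, and the OT control network.
ZONES = {
    "IT": [ipaddress.ip_network("10.10.0.0/16")],
    "DMZ": [ipaddress.ip_network("10.30.0.0/24")],
    "OT": [ipaddress.ip_network("10.50.0.0/16")],
}

# Destination ports worth naming when an IT host reaches into OT (assumed list).
OT_PROTOCOL_PORTS = {502: "modbus", 102: "s7comm", 20000: "dnp3", 44818: "ethernet/ip"}
REMOTE_ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc"}

Flow = namedtuple("Flow", "ts src dst dport proto")
Alert = namedtuple("Alert", "ts src dst dport reason")


def zone_of(ip):
    """Return the zone name whose subnet contains ip, or UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "UNKNOWN"


def parse_flow(line):
    """Parse the constructed format '<timestamp> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return Flow(ts, src, dst, int(dport), proto)


def classify(flow):
    """Return an alert reason if the flow goes straight from IT into OT, else None.
    DMZ-to-OT traffic (e.g. a historian polling a PLC) is treated as expected here."""
    if zone_of(flow.src) != "IT" or zone_of(flow.dst) != "OT":
        return None
    if flow.dport in OT_PROTOCOL_PORTS:
        return f"IT host speaking {OT_PROTOCOL_PORTS[flow.dport]} directly to OT"
    if flow.dport in REMOTE_ADMIN_PORTS:
        return f"{REMOTE_ADMIN_PORTS[flow.dport]} from IT into OT (bypasses DMZ jump host)"
    return "unexpected IT->OT flow"


def detect(lines):
    """Run every log line through classify() and collect the alerts in order."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        flow = parse_flow(line)
        reason = classify(flow)
        if reason:
            alerts.append(Alert(flow.ts, flow.src, flow.dst, flow.dport, reason))
    return alerts


# Constructed sample log lines; the addresses and timestamps are invented.
SAMPLE_LOGS = [
    "2025-05-01T08:01:02Z 10.10.4.23 10.10.9.5 445 tcp",    # IT to IT: no alert
    "2025-05-01T08:02:10Z 10.30.0.7 10.50.1.10 502 tcp",    # DMZ historian to PLC: expected
    "2025-05-01T08:05:44Z 10.10.4.23 10.50.1.10 502 tcp",   # IT workstation to PLC: alert
    "2025-05-01T08:06:01Z 10.10.4.23 10.50.2.15 3389 tcp",  # RDP from IT into OT: alert
    "2025-05-01T08:07:30Z 10.50.2.15 10.50.1.10 102 tcp",   # OT to OT: no alert
    "2025-05-01T08:09:12Z 10.10.7.8 10.50.3.3 8080 tcp",    # anything else IT->OT: alert
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(f"{a.ts} {a.src} -> {a.dst}:{a.dport}  {a.reason}")
```

Run on the constructed sample, three of the six flows are flagged: the direct Modbus session, the RDP session and the unexplained port 8080 connection, while the DMZ historian's traffic passes. In a real deployment the DMZ allowance would be narrowed to named broker hosts and the zone table would come from the site's segmentation design rather than hard-coded subnets.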

In cyber-military or cyber-terrorist scenarios, the sabotage of OT systems can be catastrophic for physical environments and human life.

Another technological trend that has transformed the threat environment for energy firms is rapidly advancing AI adoption. Not only has AI lowered the barriers to entry for certain types of attack campaigns, but the growing integration of AI with energy-sector networks has introduced a maelstrom of new cyber-risk scenarios. This trend has also reached the nuclear sector: Constellation Energy, the largest nuclear energy generator in North America, said in 2022 that it was “looking at AI to decrease our customers’ energy costs and to optimise the many tasks they perform on a regular basis.”

At the same time, recent announcements from AI and cloud-focused technology firms, including Microsoft, Meta, and Google, indicate that they have plans to use nuclear-generated energy to power their future data centres.

The North American Electric Reliability Corporation (NERC), a non-profit international regulatory authority that enforces industry standards in the US and Canada, said in 2024 that American power grids are becoming increasingly vulnerable to cyber attacks. According to NERC, the number of susceptible points in electrical networks is growing by about 60 per day.

A Reuters report on NERC’s warning noted that “geopolitical conflict, including Russia's invasion of Ukraine and the war in Gaza, have dramatically increased the number of cyber threats to North American power grids.”

A forthcoming report from Resecurity on cyber threats targeting energy operators will examine recent Dark Web activity, highlighting adversary claims of successful breaches affecting this critical infrastructure sector. The report will present findings collected by Resecurity’s HUNTER threat intelligence unit across ransomware-related incidents, access brokers, hacktivist leaks, and breaches specifically targeting the nuclear sector.

Sources: Sophos | Resecurity | Resecurity | Trustwave | Constellation | Reuters

Image: Keattisak A
