Ransomware Attacks On The Energy Sector Surging

Cyber attacks on the energy sector are significantly increasing, mainly because of geopolitical and technological factors.

A report published by Sophos, which surveyed 275 cyber security and IT leaders from the energy, oil/gas, and utilities sector, across 14 countries, found 67% of respondents saying that their organisations had suffered a ransomware attack in the last year.

While Sophos’ figure remained steady year-over-year, a January 2025 report from Trustwave says that ransomware attacks targeting the energy and utilities sectors increased by 80% in 2024 compared to 2023.

Most of these hacks have managed to compromise IT environments, rather than more critical Operational Technology (OT) networks, but the threat to OT is significantly increasing. However, ransomware is just one aspect of the broader energy-sector threat landscape. 

Hacktivism is another major threat aimed at energy firms, with ideologically motivated adversaries linked to Russia and anti-Israel groups publicising alleged compromises of various victims’ OT networks. Nation-state espionage hackers linked to China, Iran, and North Korea have also been targeting the energy sector, including nuclear facilities.

These cyber-espionage campaigns are primarily driven by geopolitical considerations, as tensions shaped by the Russo-Ukraine war, the Gaza conflict, and the US power struggle with China are projected into cyber space. 

With hostilities rising, rival nations are attempting to demonstrate their cyber-military capabilities by penetrating Western critical infrastructure networks. Fortunately, these nation-state campaigns have overwhelmingly been limited to espionage, as opposed to genuinely damaging Stuxnet-style attacks intended to cause harm in the physical realm. 

A secondary driver of increasing cyber attacks against energy targets is technological transformation, marked by cloud adoption, which has largely mediated the growing convergence of IT and OT networks. 

OT-IT convergence across critical infrastructure sectors has thus made networked industrial Internet of Things (IIoT) appliances and systems more penetrable to threat actors. Specifically, researchers have observed that adversaries are using compromised IT environments as staging points to move into OT networks. Compromising OT can be particularly lucrative for ransomware actors, because this type of attack enables adversaries to physically paralyse energy production operations, empowering them with the leverage needed to command higher ransom sums. 

In cyber-military or cyber-terrorist scenarios, the sabotage of OT systems can be catastrophic for physical environments and human life.

Another technological trend that has transformed the threat environment for energy firms is rapidly advancing AI adoption. Not only has AI lowered the barriers to entry for certain types of attack campaigns, but the growing integration of AI with energy sector networks has introduced a maelstrom of new cyber-risk scenarios. This trend has hit the nuclear sector: Constellation Energy, the largest nuclear energy generator in North America, said in 2022 that they were “looking at AI to decrease our customers’ energy costs and to optimise the many tasks they perform on a regular basis.”

At the same time, recent announcements from AI and cloud-focused technology firms, including Microsoft, Meta, and Google, indicate that they have plans to use nuclear-generated energy to power their future data centres.

The North American Electric Reliability Corporation (NERC), a non-profit international regulatory authority that enforces industry standards in the US and Canada, said in 2024 that American power grids are becoming increasingly vulnerable to cyber attacks.  According to NERC, the number of susceptible points in electrical networks is growing by about 60 per day. 

A Reuters report on NERC’s warning noted that “geopolitical conflict, including Russia's invasion of Ukraine and the war in Gaza, have dramatically increased the number of cyber threats to North American power grids.”

Also, a forthcoming report on cyber threats targeting energy operators from Resecurity will examine recent Dark Web activity, highlighting adversary claims of successful breaches impacting this critical infrastructure sector.  This report will present findings collected by Resecurity’s HUNTER threat intelligence unit across ransomware-related incidents, access brokers, hacktivist leaks, and breaches specifically targeting the nuclear sector.

Sophos  |   Resecurity  |   Resecurity   |   Trustwave  |    Constellation  |  Reuters 

Image: Keattisak A
