SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Dimly lit industrial control room multiple screens warning symbols cyber attack disruption
#
Ransomware
#
Advanced Persistent Threat Protection
#
Supply Chain

Ransomware attacks surge 28% in September as Industrials sector hit hardest

Thu, 30th Oct 2025
Author image
By Shannon Williams, Journalist

NCC Group's latest report has found that global ransomware attacks increased sharply in September after several months of decline.

According to the report, ransomware attack volumes globally climbed by 28% in September, reaching a total of 421 incidents. This followed a downward trend over the previous six months and indicates a renewed surge in ransomware activity as cyber criminals target the year's remaining months, typically a busy period for such attacks.

Industrials most affected

Data from the report shows that the Industrials sector remained the most targeted, accounting for 29% (120) of all attacks in September. Across the third quarter, Industrials represented 30% (342) of total attacks, underlining its status as a priority for threat actors, even as incidents affecting customer-facing industries continue to draw public attention.

Consumer Discretionary sectors, which include automotive manufacturers, retail businesses, and leisure facilities, came in as the second most-affected sector with 76 attacks over the period. Financial institutions moved into third place, recording 47 attacks. The focus on financial entities highlights ransomware groups' strategic targeting of sectors likely to yield financial data, consistent with a broader pattern of maximising monetary gains through data theft or extortion.

Regional trends and critical infrastructure

North America and Europe accounted for the lion's share of incidents, comprising 75% or 317 of all attacks in September. The report singled out a ransomware incident targeting major European airports, which resulted in significant disruption. Airlines resorted to manual operations, leading to delays, cancellations, and congestion for passengers, highlighting the vulnerability of critical transportation infrastructure to cyber attacks.

Qilin's growing impact

Analysis of threat actors in the report revealed that the cyber gang Qilin claimed responsibility for 14% (58) of all ransomware attacks in September. Over the third quarter, Qilin was identified as the most prominent threat group, associated with 13% (151) of attacks globally. Qilin's targeting of industries that are data-centric, financially lucrative, or supply-chain dependent-such as Industrials and Consumer Discretionary-underscores their apparent aim to maximise operational disruption and increase leverage for extortion efforts.

The report also noted the emergence of new groups in the period, including The Gentlemen and Interlock. The rise of smaller ransomware groups reflects a shifting threat landscape, as newcomers benefit from access to shared infrastructure and leaked builder kits to rapidly expand their operations. This diversification in the actor ecosystem illustrates how cyber threats continue to evolve and become more complex.

Geopolitical factors

The third quarter's ransomware trends have played out against a backdrop of intensified geopolitical tensions. The report references China's summit with non-Western leaders, which signaled a challenge to the prevailing US-led international order, and Russian military drills alongside ransomware attacks on European infrastructure, describing them as examples of increasing hybrid warfare. The situation in the Middle East, particularly Israeli strikes in Qatar and growing recognition of Palestine, is also highlighted as contributing to a volatile international landscape in which ransomware and other cyber operations are deployed as instruments of strategic influence and disruption.

Organisations urged to act

Matt Hull, head of Threat Intelligence at NCC Group, said: "From high-profile supply chain breaches and persistent ransomware activity, to the influence of geopolitical tensions on cyber operations, organizations are facing increasingly adaptive and sophisticated threat actors.

He continued: "The rise in attacks in September could be a sign that the decline we've seen recently is now over. As we approach the busy season for attackers - with Black Friday and Christmas fast approaching - organizations can't be complacent. Recent attacks on the transport and retail sector, specifically, have shown just how severe the disruption can be. So, organizations need to ensure they have robust third-party risk management, rapid incident response, and proactive security strategies."

The report also addresses other emerging threat areas, such as artificial intelligence-enabled ransomware, third-party breaches, and the use of cookie hijacking, and considers how these are being exacerbated by the changing geopolitical context.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Forrester predicts AI errors to cost B2B firms over USD $10 billion
Drata appoints Aneal Vallurupalli as CFO amid global expansion
Ping Identity launches platform to secure & manage AI agents
Gigamon unveils quantum-safe cryptography in GigaVUE update
Barracuda unveils AI assistant to boost security team efficiency

Top stories

The cybersecurity imperative for smart factories
Fortinet unveils Secure AI Data Centre with 69% power saving
Exclusive: Google on AI-powered attacks & cyber threats in Australia
Hexaware boosts cybersecurity with strategic CyberSolve acquisition
Avanade unveils suite of Microsoft-powered tools for midmarket firms