INDIA: In a growing wave of sophisticated cyber threats against the industrial sector, ransomware attacks jumped by 46% from Q4 2024 to Q1 2025, according to Honeywell’s (Nasdaq: HON) new 2025 Cybersecurity Threat Report. The research also found that both malware and ransomware increased significantly in this period and included a 3,000% spike in the use of one trojan designed to steal credentials from industrial operators. 

“Industrial operations across critical sectors like energy and manufacturing must avoid unplanned downtime as much as possible, which is precisely why they are such attractive ransomware targets,” said Paul Smith, director of Honeywell Operational Technology (OT) Cybersecurity Engineering, who authored the report. “These attackers are evolving fast, leveraging ransomware-as-a-service kits to compromise the industrial operations that keep our economy moving.” 

The Cybersecurity and Infrastructure Security Agency (CISA) in the United States defines incidents as substantial if they enable unauthorized access leading to significant operational downtime or impairments. Industry reports show that unplanned downtime, caused by cybersecurity attacks and other issues like equipment failure, costs Fortune 500 companies approximately $1.5 trillion annually, representing 11% of their revenue.

To develop the report, Honeywell researchers analyzed more than 250 billion logs, 79 million files, and 4,600 incident events that were blocked across the company’s global install base, finding:

• Ransomware still on the rise: 2,472 potential ransomware attacks were documented in the first quarter of 2025, which represents 40% of the annual total from 2024.
• Trojans exploiting industrial access: A dangerous Trojan targeting OT systems – W32.Worm.Ramnit accounted for 37% of files blocked by Honeywell’s Secure Media Exchange (SMX). This finding points to a 3,000% spike in the trojan compared to the previous quarter.
• USB-based threats persist: 1,826 unique USB threats were detected via SMX in Q1 2025, with 124 never-before-seen threats, indicating a persistent risk via external media and USB devices. This is built on a 33% increase in USB malware detections in 2023, following a 700% year-over-year surge in 2022.

The report expanded its analysis to include threats delivered through additional plug-in hardware, known as Human Interface Device (HID), including mice, charging cords for mobile devices, laptops, and other peripherals often used when updating or patching software for on-premise systems.

“With increasingly significant threats and updated SEC reporting regulations requiring the disclosure of material cybersecurity incidents, industrial operators must act decisively to mitigate costly unplanned downtime and risks, including those linked to safety,” Smith said. “Leveraging Zero Trust architecture and AI for security analysis can speed detection and enable smarter decision making and proactive defense in an increasingly complex digital landscape.”

To learn more and download the full report, visit our website.

The post Honeywell Report Reveals 46% Surge in Ransomware Attacks Targeting Industrial Operators appeared first on NRI News.

The CRI’s Policy Pillar led efforts to counter the business model that underpins the ransomware ecosystem. This included research on cyber insurance, victim behavior, seizure and confiscation of virtual assets, ransom payments, and best practices in incident reporting and information sharing.

The Diplomacy and Capacity Building Pillar expanded the CRI’s like-minded umbrella by adding 13 new members to the coalition. The pillar also prioritized opportunities to inform potential new members about the initiative and developed tailored capacity-building opportunities to match members’ needs and requests.

The International Counter Ransomware Task Force (ICRTF), established at last year’s meeting, began developing platforms for coordinating and disrupting ransomware at an operational level. The ICRTF will continue to build upon the successes of its inaugural year by operationalizing the tools and platforms developed by its members.

The CRI’s joint policy statement declares that member governments should not pay ransoms. The initiative also created a shared blacklist of wallets through the U.S. Department of the Treasury’s pledge to share data on illicit wallets used by ransomware actors with all CRI members.

The CRI provides an opportunity to create long-term cooperative approaches and common understandings of accountability in cyberspace, consistent with international law as well as state actions as embodied in the Framework for Responsible State Behavior in Cyberspace, endorsed by all United Nations member states.

Overall, the CRI’s joint statement highlights the importance of international cooperation in combating ransomware threats and building collective resilience against future attacks.

Image Source: U.S. Department of Justice on X

The post International Counter Ransomware Initiative Releases Joint Statement to Combat Ransomware Threats appeared first on NRI News.