Q1 2025: Our Newest Ransomware Report Update

The Food and Ag-ISAC continues to keep tabs on ransomware attacks against the food and agriculture sector. We recently released our Q1 2025 Ransomware Report Update, with new analysis and predictions for the year.

Notable Increase in Ransomware Attacks to Begin 2025

The fourth quarter of 2024 saw a notable uptick in ransomware volume across all critical sectors, and the growth in ransomware attacks continued into Q1 2025. This uptick in attack volume is likely attributed to increased activity by several prominent ransomware groups like CL0P, RansomHub, and Akira.

While attacks have risen across all critical sectors, the food and agriculture sector experienced more than three times the number of incidents in January and February 2025 compared to the same period in 2024. In March, however, activity appeared to level off, with 18 reported attacks in the first quarter of both years. Although the monthly number of attacks has stabilized, overall attacks across all sectors remain elevated. Due to the opportunistic nature of ransomware attacks, we expect an overall increase in attacks against the food and agriculture sector in 2025 compared to last year. In the graph below, we highlight the range of attacks in Q1 2025 vs Q1 2024 within the sector.

Food and Ag Sector Q1 Ransomware Attacks 

2024 vs. 2025

How Does the Food and Agriculture Industry Compare to Other Sectors?

Despite the threefold increase in ransomware attacks against the food and agriculture sector, the overall targeting remains fairly consistent, as all sectors have experienced an increase in attacks. The food and agriculture sector was targeted in 5.5% of all ransomware attacks we noted between January and March of 2025, which is consistent with our findings from previous quarters. The critical manufacturing sector continues to be the most heavily targeted sector month-to-month. Ransomware groups likely target organizations in critical manufacturing, as ransomware attacks against manufacturing environments may have a higher (or perceived higher) ransomware payout rate. The manufacturing sector also deals with the challenges of legacy equipment, vulnerabilities in industrial control systems, and patch management, which could make them easier targets for financially motivated cybercriminals.

We noted 84 attacks against the food and agriculture sector in Q1 2025, compared to just 40 in Q1 2024.  The food and ag sector ranked 6th out of 13 in relation to all other sectors we tracked. Although we have seen a doubled rate of food and ag sector targeting, it aligns with the trend we have seen across all sectors, with ransomware activity increasing 100 - 200% overall.

In 2024, the food and agriculture sector was impacted by 5.8% of all 3,494 ransomware attacks we tracked. The Q1 rate of 5.5% shows that while the volume of ransomware attacks may scale up and down, the opportunistic targeting of ransomware attacks has kept the targeting rate relatively the same.

Known Actors Hitting the Food and Agriculture Sector

Regardless of where the sector ranks overall in terms of ransomware attacks, ransomware actors remain active in the food and agriculture sector. We tracked 1,537 attacks in Q1 2025; 84 targeted the food and ag sector. Groups like CL0P, who continue to leverage zero-day vulnerabilities in popular file transfer applications to impact hundreds of victims across all critical sectors, are one of the reasons for this ransomware volume surge. However, even if we removed CL0P’s proliferation, ransomware attack volume has continued to increase yearly, even as organizations react and adapt to the increasingly sophisticated techniques these groups employ.

Food and Agriculture Sector 

Top 5 Ransomware Actors 

Q1 2025

The top 5 ransomware groups that impacted the industry in Q1 2025 are as follows:

• CL0P

• Akira

• Lynx

• Cactus

• SafePay

Our Takeaways

Ransomware is and will continue to be an ongoing threat to all critical sectors, as it remains profitable and easy to deploy. From the time we produced our first ransomware reports in 2023, the attack volume has grown in the food and ag sector - this trend can be attributed to the sector's growing dependence on technology and need for just-in-time operations. 

While every sector faces distinct challenges in responding to ransomware, the food and agriculture industry contends with its unique issues. The tightly timed supply chains and product delivery may make organizations in this sector especially appealing to ransomware operators seeking quick leverage. Beyond financial impact, the potential implications for health and human safety can further intensify the pressure on companies during an incident.

While the sector continues to experience ransomware attacks, much of the targeting still appears to be opportunistic. Many of the groups targeting the sector have targeted other sectors at an equal or greater rate, and there are no specific patterns seen in the victimology.

For more details, take a look at our full Q1 2025 Update!