The frequency and intensity of cyberthreats seem to be increasing despite businesses' ongoing efforts to thwart malicious actors. Honeywell, a global technology and manufacturing firm that also provides cybersecurity solutions, reported a 46% rise in ransomware extortion attacks between October 1, 2024, and March 31, 2025, as compared to the previous six-month period.
Win32.Worm.Ramnit, a Trojan that typically targets the banking sector to steal account details, was found in 37% of files blocked by Honeywell's SMX product. That represented a 3,000% rise from the second quarter of 2024, when Honeywell last reported on it.
In its investigation report, Honeywell stated that "it can likely be assumed it has been repurposed to extract control system credentials" due to the Trojan's saturation presence in the ecosystems of its industrial clients. "Existing adversaries continue to disrupt operations across critical sectors, even in the absence of new ransomware variants specifically designed for industrial control systems."
1,929 ransomware incidents were made public throughout the reporting period. Eight verticals accounted for the vast majority (71%) of the cases, with the industries most affected being manufacturing, construction, healthcare, and technology.
Given that ransomware attacks are normally "more opportunistic, typically creating a normal distribution of attacks across different industries," Honeywell noted that this was a really unusual pattern.
The report claims that supply chain disruptions, manual failovers, and forced production outages caused by ransomware have been experienced by manufacturing plants, water treatment facilities, and energy providers.
In response to the elevated threats, during the reporting period, some organisations "doubled down on best practices that would be considered baseline," according to Honeywell. Such procedures include, for example, immutable data backups and regular vulnerability assessments. According to Honeywell, as of October 2024, victimised organisations had paid out more than $1 billion in ransomware.
Another new cybersecurity report, from the Information Security Media Group, focused on artificial intelligence, which it described as the "defining force" of cybersecurity-related disruption.
As businesses use AI to automate threat detection and scale response capabilities, "adversaries are using the same technologies to enhance phishing, generate polymorphic malware, and conduct identity fraud with unprecedented precision," according to the ISMG research. ISMG added that the combination of AI and quantum computing "further signals a critical shift requiring crypto-agility and forward planning.”
