46% SURGE IN RANSOMWARE: Honeywell Report Confirms OT Systems Are Top Targets
A stark new report from Honeywell has provided hard data confirming a frightening trend for critical infrastructure: ransomware attacks targeting industrial and Operational Technology (OT) systems surged by 46% in the first quarter of 2025 alone. The 2025 Honeywell Cyber Threat Report reveals an escalating and sophisticated campaign against the very systems that control manufacturing plants, water treatment facilities, and energy grids, making them top targets for cybercriminals.
Ransomware Attacks on the Rise
The report documents a dramatic increase in ransomware victims, with Q1 2025 seeing a massive jump. This consistent growth highlights the increasing focus of cybercriminals on the industrial sector.
| Quarter | New Ransomware Victims |
|---|---|
| Q2 2024 | 1,510 |
| Q3 2024 | 1,703 |
| Q4 2024 | 1,980 |
| Q1 2025 | 2,472 |
| Source: Honeywell 2025 Cyber Threat Report |
Operational Technology (OT) refers to the hardware and software used to monitor and control physical processes and industrial equipment. Unlike Information Technology (IT), which manages data, OT manages the physical world. Examples include:
-
Industrial Control Systems (ICS) in factories and manufacturing plants.
-
Supervisory Control and Data Acquisition (SCADA) systems used in power grids, oil pipelines, and water treatment facilities.
-
Building Management Systems that control HVAC, lighting, and security in large facilities.
These systems are prime targets for ransomware gangs for one simple reason: downtime is catastrophic. As Honeywell's report notes, "Industrial operations across critical sectors like energy and manufacturing must avoid unplanned downtime as much as possible – which is precisely why they are such attractive ransomware targets." An attack that shuts down a factory or a power plant can cost a company millions per day, creating immense pressure to pay the ransom.
Furthermore, OT systems are uniquely vulnerable due to several factors:
-
Long Lifecycles: Industrial equipment is built to last for decades (30-40 years), meaning many systems in use today are running on legacy software and operating systems that are no longer supported with security patches.
-
Infrequent Patching: Unlike IT environments where weekly patches are common, patching an OT system can require shutting down an entire production line, making updates rare and difficult to schedule.
-
IT/OT Convergence: As industrial systems become more connected to corporate IT networks for data analysis and remote management, they inherit the risks of the IT world, creating new pathways for attackers to pivot from an office network into the industrial control layer.
Key Findings from the Honeywell 2025 Report
Beyond the headline 46% surge, the report details several other alarming trends.
| Threat Vector | Key Statistic | Impact |
|---|---|---|
| Ramnit Trojan | 3,000% Spike in infections | Repurposed banking trojan now used to steal OT system credentials, giving attackers direct access. |
| USB Devices | 1 in 4 security incidents involved a USB | Removable media remains a major blind spot, introducing thousands of unique threats. |
| Targeted Attacks | 55% of disclosed incidents were OT-specific | Shows a clear and deliberate focus by adversaries on industrial systems, not just IT networks. |
| Source: Honeywell 2025 Cyber Threat Report |
Join the conversation