2025 Automotive carmakers ransomware surge
Target Trend
Summary
Hide ▲
Show ▼
In 2025, ransomware became the fastest-growing and most disruptive threat to automotive carmakers, accounting for 44% of attacks and more than doubling over the year. The trend raises sector-wide disruption risk because automakers depend on connected vehicle platforms, OTA update mechanisms, cloud services, and third-party suppliers. Low tolerance for downtime makes the sector especially vulnerable to production stoppages and supply-chain knock-on effects.
Related Happenings
0APT and KryBit ransomware turf war forces rebuild and rebrand pressure
Threat Actor Meta
First: 28.04.2026 16:00
Last: 28.04.2026 16:00
Sources 1
About this happening:
**0APT** and **KryBit** escalated a ransomware turf war in **April 2026** by leaking each other's operational data, defacing leak sites, and exposing infrastructure details that u...
0APT and KryBit ransomware turf war forces rebuild and rebrand pressure
Threat Actor MetaAbout this happening: **0APT** and **KryBit** escalated a ransomware turf war in **April 2026** by leaking each other's operational data, defacing leak sites, and exposing infrastructure details that u...
Unidentified carding actor formalizes a three-tier OPSEC model for high-volume carding operations
Threat Actor Meta
First: 28.04.2026 15:50
Last: 28.04.2026 15:50
Sources 1
About this happening:
An unidentified **carding actor** has formalized a **three-tier OPSEC model**, raising the durability of **high-volume carding operations** by separating identity, execution, and...
Unidentified carding actor formalizes a three-tier OPSEC model for high-volume carding operations
Threat Actor MetaAbout this happening: An unidentified **carding actor** has formalized a **three-tier OPSEC model**, raising the durability of **high-volume carding operations** by separating identity, execution, and...
Halcyon automotive ransomware mitigation guidance
Advisory/Mitigation
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
How related:
Halcyon urged automotive sector IT teams to get ahead of the ransomware threat by:
About this happening:
**Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...
Halcyon automotive ransomware mitigation guidance
Advisory/MitigationHow related: Halcyon urged automotive sector IT teams to get ahead of the ransomware threat by:
About this happening: **Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...
Rising cyber-incident impact across UK manufacturers
Target Trend
First: 01.04.2026 12:30
Last: 01.04.2026 12:30
Sources 1
About this happening:
A survey found **UK manufacturing organizations** are facing broad cyber-incident harm, with **78%** reporting a serious incident and **95%** seeing direct business impact. The pa...
Rising cyber-incident impact across UK manufacturers
Target TrendAbout this happening: A survey found **UK manufacturing organizations** are facing broad cyber-incident harm, with **78%** reporting a serious incident and **95%** seeing direct business impact. The pa...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor Meta
First: 31.03.2026 15:15
Last: 31.03.2026 15:15
Sources 1
About this happening:
TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor MetaAbout this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
Timeline
-
16.04.2026 11:35 2 articles · 1mo ago
Halcyon report on 2025 automotive carmaker ransomware surge
Technical Analysis UpdateHalcyon says ransomware became the fastest-growing and most disruptive cyber threat facing automotive carmakers in 2025, accounting for 44% of attacks and more than doubling over the year. The report links the risk to connected vehicle platforms, over-the-air (OTA) update mechanisms, cloud-based environments, and privileged third-party supplier access, and recommends patching VPNs, RDP endpoints and ERP systems, deploying phishing-resistant MFA, hardening EDR, maintaining immutable offline backups, and monitoring third-party breaches.
Show sources
- Automotive Ransomware Attacks Double in a Year — www.infosecurity-magazine.com — 16.04.2026 11:35
- Automotive Ransomware Attacks Double in a Year — www.infosecurity-magazine.com — 16.04.2026 11:35