Ransomware attacks on the oil and gas sector have skyrocketed by a staggering 935% between April 2024 and April 2025, according to a recent security report from Zscaler. This alarming increase has caught many cybersecurity experts by surprise, as historically, hackers have primarily targeted industries like finance, healthcare, and manufacturing. The oil and gas sector, which many once considered relatively safe from such attacks, is now facing an unprecedented wave of cyber threats.
What’s particularly striking is that nearly 50% of the ransomware attacks during this period were concentrated in the United States, with the country topping the list of 15 nations most affected by these cybercrimes. This indicates a broader global trend, with the U.S. once again emerging as a primary target for cybercriminals. Zscaler’s report, based on its data analysis systems and ransomware leak sites, sheds light on these developments, offering a deep dive into the strategies and tactics used by cybercriminal groups in the current climate.
The Shift from Simple Encryption to Sophisticated Double Extortion
In previous years, ransomware attacks were often characterized by the straightforward encryption of data, leaving organizations unable to access their own files until a ransom was paid. However, a worrying new trend has emerged in which cybercriminals are shifting from merely encrypting databases to employing a more sinister tactic known as “double extortion.” In this approach, attackers not only encrypt a victim’s data but also exfiltrate sensitive information. The hackers then threaten to release or sell this stolen data on the dark web if the ransom demands are not met.
This shift in tactics indicates that cybercriminals are no longer simply focused on disrupting business operations. Instead, their aim is to monetize stolen data by holding it hostage and leveraging the threat of public exposure to force victims into paying substantial ransoms. The stolen data is often sold to third-party buyers or used for additional malicious purposes, making the impact of these attacks even more devastating.
The Key Players in the Ransomware World
Zscaler’s report also identifies the three major ransomware groups driving these attacks. Among them, RansomHUB has emerged as the most prolific, with 833 reported victims between 2024 and 2025. Akira follows with 520 victims, and Clop rounds out the top three with 488 victims. These groups have become the primary actors in the ransomware landscape, deploying various tactics to maximize their payouts.
However, there is a silver lining. Zscaler also points out that while the number of ransomware gangs is steadily increasing, many new groups are finding it increasingly difficult to maintain their operations. This is due in large part to the intensified efforts of law enforcement agencies, including high-profile initiatives like Operation Cronos and Operation Checkmate, which have disrupted several prominent cybercrime syndicates. As a result, many new ransomware groups are struggling to survive in the “ransomware-as-a-service” (RaaS) ecosystem.
An Unprecedented Rise in New Ransomware Gangs
Despite the challenges faced by some groups, the overall number of ransomware gangs has risen significantly. Between April 2024 and April 2025, a total of 34 new ransomware gangs emerged, bringing the total number of active groups to 425. This rapid growth underscores the growing appeal of ransomware as a highly profitable criminal enterprise, as well as the increasing sophistication of these cybercriminal organizations.
While the emergence of new gangs is concerning, there is hope that ongoing global law enforcement crackdowns and the tightening of cyber defenses may help curb this troubling trend. As the authorities continue to dismantle cybercrime networks and seize the infrastructure behind these attacks, the psychological toll on ransomware actors may increase, discouraging the formation of new gangs and reducing the frequency of attacks.
Conclusion: A Challenging Future, but Some Hope
The dramatic surge in ransomware attacks on the oil and gas sector is a wake-up call for organizations across industries. With the rise of more advanced attack methods, including double extortion and data exfiltration, businesses must be more vigilant than ever in strengthening their cybersecurity measures. The increase in new ransomware groups is a reminder that the cyber threat landscape is constantly evolving, and organizations need to stay ahead of the curve.
However, the collective efforts of cybersecurity professionals, law enforcement, and private companies are beginning to have an impact. While the number of ransomware gangs continues to grow, their ability to sustain operations is being challenged. This provides a glimmer of hope in the fight against ransomware, suggesting that with continued vigilance and collaboration, the tide may eventually turn in favor of cybersecurity defenders.
Join our LinkedIn group Information Security Community!
