FBI: Ransomware Still a Top Threat to Critical Infrastructure
The Internet Crime Complaint Center identified more than 2,100 ransomware incidents in 2025 directed at U.S. critical infrastructure, including health care, energy and critical manufacturing, among other sectors.
Ransomware continues to pose a serious threat to U.S. critical infrastructure, with more than 2,100 related incidents reported to federal authorities in 2025, according to the latest FBI Internet Crime Complaint Center (IC3) report.
To put that number in perspective, IC3 reported roughly 1,100 data breach threats to critical infrastructure, which includes sectors such as health care, critical manufacturing, financial services, energy and agriculture, among others. Ransomware attacks directed at critical infrastructure are serious, possessing as they do the potential to disrupt operations, expose sensitive data and affect the delivery of public services.
Those incidents have implications for state and local government organizations, which operate or support many of these systems. The nation’s critical infrastructure spans 16 sectors whose disruption would have a debilitating effect on the United States. Of these, the health-care and public health services sector reported the highest number of incidents, the report shows.
A table representing critical infrastructure reports of ransomware and data breaches.
FBI.
The FBI also named several ransomware groups targeting U.S. critical infrastructure. The top three in 2025 were Akira, Qilin and Lynx. All of them are ransomware-as-a-service operations that use double extortion, meaning they demand ransom for both stolen data as well as to unlock encrypted data. They also heavily rely on compromised credentials to enter and exploit systems, disable processes such as virus scans, delete backups and encrypt files.
While threat actors and cybersecurity firms often attribute attacks to specific groups, public agencies rarely confirm who attacked. Attribution is typically based on third-party tracking or on online attacker claims.
Across all sectors, the IC3 received 3,611 ransomware reports with more than $32 million in financial loss during 2025. While significant, the report notes these numbers likely understate the true impact because they don’t reflect the downtime, recovery costs and other operational losses caused by ransomware. In addition, the totals don’t reflect reports made directly to FBI field offices.
