A new Nozomi Networks Labs OT & IoT Security Report finds that 70 percent of global ransomware activity is targeted against English-speaking countries.
The company annually leverages their network of wireless monitoring sensors, inbound telemetry, partnerships, threat intelligence and other resources to assess the OT/IoT threat landscape. This report found that during the second half of 2025, 40 percent of all ransomware attacks targeted US-based companies, with attacks against Canada accounting for a combined 30 percent of ransomware attacks. Through the use of generative AI, attacks against companies in English-speaking countries are increasing in scale and have a higher likelihood of success, the report found.
The report also found that wireless communications are increasingly present in industrial and critical infrastructure environments, often without formal design or attention to security. The company said 68 percent of observed wireless networks still operate without Management Frame Protection (MFP), despite using modern encryption, and only 2 percent of organizations use enterprise-grade authentication. Additionally, an estimated 98 percent of observed wireless networks rely on Pre-Shared Key-based authentication, which is of particular concern since its shared credentials and long-term reuse make it hard to distinguish legitimate access from misuse.
Transportation was 2025’s most targeted industry, the report found, followed by manufacturing and the public sector. Attacks against the public sector spiked between the first and second halves of 2025, likely due to growing geopolitical tensions and a rise in nation-state activity and hacktivism.
The attacks mean increased threat levels for infrastructure, the company said.
“Critical infrastructure has never faced a more dangerous threat landscape, and the scale and severity of attacks against it will only increase,” Chris Grove, director of Cybersecurity Strategy at Nozomi Networks, said. “It is imperative for operators to understand the current threat landscape and prepare their systems accordingly. They must establish clear asset visibility, leverage AI-driven security systems to detect anomalies and threats, prioritize risk-based vulnerability management, and enable intelligence sharing to keep up with evolving tactics.”