Surge in Ransomware and Supply Chain Attacks: A November Overview
November revealed a troubling trend in cybersecurity, showing that attacks via ransomware and supply chains have reached their second-highest levels recorded. Research from Cyble highlights an alarming convergence between the two types of cyber threats, shedding light on the growing complexity of the cyber landscape.
Ransomware’s Grip on Supply Chain Attacks
In November, ransomware groups were responsible for 58% of documented software supply chain attacks, according to Cyble’s findings. Although this marks a decrease from October’s staggering 73%, it illustrates a significant and concerning trend. The company emphasized that these groups are increasingly looking for weaknesses within software supply chains, leading to a notable increase in overall supply chain attacks, with incidents doubling since April 2025.
Cyble’s dark web researchers reported a total of 38 supply chain attacks in November, only slightly fewer than October’s peak. Of these, 22 were attributed to ransomware groups, highlighting the ongoing threat to organizational resilience in various sectors.
Rising Ransomware Incidents
The overall number of ransomware attacks surged to 640 in November, marking the seventh consecutive monthly rise. That total trails only the record set in February 2025. Such sustained growth indicates an alarming trend for organizations of all sizes.
Leading Ransomware Groups
Qilin Dominates the Ransomware Scene
Among ransomware groups, Qilin once again stood out as the leader, having claimed 127 attacks. Following closely was Akira with 103 attacks. Additionally, the groups CL0P, INC Ransom, and Play filled out the top five, making it evident that some ransomware operators continue to operate with exceptional efficacy, despite the challenges presented by ongoing security measures.
Geographic Disparities in Attacks
The United States remained the primary target for ransomware attacks, suffering 356 incidents in November, ten times more than Canada, which recorded only 35 attacks. Other countries, including the UK, Germany, India, and Italy, had significantly lower figures, each recording attack counts in the teens.
Sector-Specific Vulnerabilities
November’s attack focus was particularly pronounced in specific sectors. The construction, professional services, and manufacturing industries saw over 50 ransomware incidents each. The healthcare sector, along with energy and utilities, IT, consumer goods, and technology, all reported more than 30 attacks each. This highlights a dangerous trend where critical sectors increasingly face cyber threats.
The Convergence of Ransomware and Supply Chain Attacks
Cyble noted that many ransomware attacks reported in November also had supply chain implications. Researchers described the period as particularly noteworthy for assaults on vital sectors and the IT supply chain. Several groups were reported to have exfiltrated sensitive documents, including technical and project documentation.
Among notable incidents was an Akira attack targeting a major South Korean lithium-ion battery manufacturer. Another significant incident involved an attack on a U.S. emergency alert system, showcasing the diverse range of targets that ransomware groups are willing to exploit.
Other documented ransomware attacks included:
- An Akira strike on a U.S.-based manufacturer of embedded computing systems, involving the theft of sensitive project information and military-related materials.
- A Qilin attack compromising a Florida regional airport, which resulted in the theft of employee IDs and internal operational documents.
These incidents collectively underscore the rising threat to critical infrastructure and sensitive sectors, calling for a heightened level of vigilance from security professionals.
Recommendations for Enhanced Cybersecurity
In light of these alarming trends, Cyble emphasizes the necessity for organizations to adopt strong cybersecurity measures. Experts recommend a range of best practices to counter such threats, including effective vulnerability management, robust network segmentation, and strong access controls. Other strategies include maintaining ransomware-resistant backups and hardening systems and applications to mitigate vulnerabilities.
As ransomware and supply chain attacks continue their precarious climb, the need for resilient cybersecurity frameworks grows more pressing. Organizations must remain proactive and vigilant to protect their assets and data against emerging threats.


