Ransomware Elevates Cybersecurity to National Security Priority
A surge in high-profile ransomware attacks targeting both the United Kingdom and the United States has prompted government officials to reclassify cybersecurity as a matter of national security. Anne Neuberger, former White House deputy national security adviser for cyber, emphasized at a London event that the societal and economic impacts of these attacks have become untenable, with incidents affecting major retailers like Marks & Spencer and manufacturers such as Jaguar Land Rover. The financial fallout from these attacks is significant, with cleanup and disruption costs reaching hundreds of millions of dollars for individual companies and broader economic impacts estimated in the billions.
In response, governments are increasingly engaging with private sector leaders to develop coordinated strategies for ransomware mitigation, recognizing that the threat extends beyond IT departments to affect national infrastructure and economic stability. The call for enhanced public-private cooperation reflects a shift in policy, as authorities seek to address ransomware as a systemic risk requiring unified action across both public and private sectors.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Anne Neuberger frames ransomware as a national security priority
Speaking at a Royal United Services Institute event in London, Anne Neuberger said repeated high-profile ransomware incidents in the U.K. and U.S. have elevated cybersecurity from an IT issue to a national security priority. She called for coordinated public-private action, possible restrictions on ransom payments, and stronger efforts to disrupt ransomware financing.
U.S. sanctions crypto mixers Blender and Sinbad
The United States imposed sanctions on crypto mixers including Blender and Sinbad for their role in laundering illicit funds, including ransomware proceeds. Officials later argued such actions need to be faster and more aggressive because illicit actors can quickly reconstitute their infrastructure.
Ransomware attack affects Jaguar Land Rover
Jaguar Land Rover was also cited as a major U.K. victim of ransomware, with disruption affecting operations and supply chains and contributing to significant financial impact. The incident added to parliamentary scrutiny of how companies and government handle ransomware risk.
Ransomware attack hits Marks & Spencer
Marks & Spencer was among the major U.K. organizations cited as suffering a high-profile ransomware incident with broad operational and economic effects. The attack became part of a wider debate over corporate cyber preparedness and government support.
Russia's invasion of Ukraine reduces viability of ransomware diplomacy
After Russia invaded Ukraine, U.S. officials assessed that diplomatic pressure on Russia over ransomware became less effective. This shift contributed to greater emphasis on other policy options such as restricting ransom payments and strengthening resilience measures.
DarkSide ransomware attack disrupts Colonial Pipeline
A 2021 ransomware attack attributed to the DarkSide group hit Colonial Pipeline in the United States, becoming a major example of ransomware causing national-level disruption. The incident helped drive subsequent U.S. policy changes and diplomatic pressure on Russia.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Public Sector Cybersecurity Threats and Ransomware Trends
Government organizations worldwide are facing escalating cyber threats, with ransomware and extortion attacks sharply increasing in frequency and sophistication. Over 117 US federal and state entities were impacted in 2024, and attackers are increasingly targeting third-party providers and leveraging new tactics such as data extortion without encryption. The MOVEit and GoAnywhere supply chain breaches have had lasting repercussions, exposing sensitive data from government-linked organizations. Attackers are also employing advanced techniques, including the use of AI for phishing and deepfakes for social engineering, further complicating defense efforts. International coalitions, such as the Counter Ransomware Initiative (CRI), are urging stronger supply-chain cyber defenses and coordinated global action, highlighting the immediate and urgent threat ransomware poses to national security and economic stability. Despite some progress in reducing ransomware payments, attacks continue to disrupt major companies and public sector entities worldwide. The CRI, now comprising 61 countries and six international organizations, has released new guidance emphasizing the need for improved cyber hygiene and legislative action to address supply-chain vulnerabilities. Critics warn that legislative gaps persist, leaving critical systems exposed, while the ongoing digital transformation and prevalence of legacy systems in the public sector further increase risk. The convergence of these factors underscores the urgent need for comprehensive cybersecurity strategies and international cooperation to bolster resilience against evolving threats.
Mar 21, 2026
Global Surge in Ransomware Attacks and Their Impact on Organizations
Ransomware attacks have reached unprecedented levels globally, with the third quarter of 2025 witnessing a 36% year-over-year increase in publicly disclosed incidents, according to BlackFog’s latest report. The total number of ransomware attacks reported in this period climbed to 270, marking a 335% rise since Q3 2020. These attacks have caused significant operational disruptions across various sectors, including airlines, automotive manufacturers, governments, and organizations in 93 countries. Notable incidents include grounded aircraft, stranded passengers, and manufacturers such as Jaguar Land Rover being forced to halt production, with some operations only recently resuming after prolonged outages. The impact of ransomware extends beyond large enterprises, severely affecting small businesses that often lack the resources and security infrastructure to defend against such threats. Many small business owners have reported devastating financial consequences, with some losing nearly all their savings and seeing their businesses shrink dramatically. The attack on the UK nursery chain Kido in September 2025 highlighted the evolving tactics of ransomware groups, as sensitive data on children, parents, and carers was exfiltrated, raising concerns about the targeting of vulnerable sectors. Ransomware operators are increasingly indiscriminate, targeting organizations of all sizes and types, and seeking leverage through data theft and extortion. The psychological and financial toll on victims is profound, with individuals and organizations facing long-term recovery challenges. Research indicates that small businesses are particularly vulnerable, often lacking dedicated IT security staff, legal support, or sufficient cash reserves to weather the aftermath of an attack. The stress and adversity experienced by victims underscore the need for robust data protection and incident response strategies. Experts emphasize that the best defense is to make it as difficult as possible for cybercriminals to succeed, focusing on data protection to reduce the incentive for extortion. The continued upward trend in ransomware volumes signals an urgent need for organizations to reassess their security postures and invest in preventive measures. The widespread and lasting impact of these attacks demonstrates that ransomware remains one of the most significant threats to global business continuity and data security. Organizations are urged to prioritize anti-data exfiltration technologies and comprehensive incident response planning. The evolving threat landscape requires constant vigilance and adaptation to new attacker tactics. The experiences of both large enterprises and small businesses illustrate the far-reaching consequences of ransomware, from operational shutdowns to personal financial ruin. As attackers become more aggressive and sophisticated, the imperative for proactive defense and resilience has never been greater.
Mar 21, 2026
Major Ransomware Trends and High-Profile Attacks in 2025
Ransomware activity surged in 2025 despite significant law enforcement actions against major ransomware-as-a-service (RaaS) groups, with new groups quickly filling the void and victim numbers reaching record highs. Data from RansomLook.io and Ransomware.live showed a sharp increase in claimed ransomware victims, with global numbers rising from approximately 5,400 in 2023 to over 8,000 in 2025. Attackers increasingly relied on social engineering rather than technical exploits, and the impact of ransomware was felt across all sectors, including retail, education, government, and healthcare. Notable incidents included coordinated campaigns against major UK retailers and disruptive attacks on organizations such as Coupang, University of Phoenix, and the NHS’s technology provider DXC Technology. The year’s most significant attacks demonstrated the systemic and cross-sector nature of modern cyber risk, with attackers exploiting third-party dependencies and identity weaknesses to maximize disruption. High-profile breaches led to operational outages, data exposure, and substantial financial and reputational damage, as seen in the case of Marks & Spencer, which suffered a dramatic drop in profits following a ransomware campaign attributed to the Scattered Spider group. These incidents have prompted organizations to reassess their incident response strategies, invest in ransomware readiness, and strengthen supply chain security as they prepare for evolving threats in 2026.
Mar 21, 2026