Nozomi Networks Labs Report Finds 70% of Ransomware Activity Concentrated Against English-Speaking Countries

SAN FRANCISCO, Feb. 19, 2026 /PRNewswire/ — The latest Nozomi Networks Labs OT & IoT Security Report released today finds 70% of global ransomware activity is targeting English-speaking countries. During the second half of last year, 40% of all ransomware attacks targeted US-based companies, with attacks against Canada and the UK accounting for a combined 30% of ransomware attacks. As threat actors increase their usage of generative AI in their activity, attacks against companies in English-speaking countries are increasing in scale and have a higher likelihood of success. Alarmingly, these three countries account for nearly 30% of the world’s GDP, meaning attackers have the potential for massive macroeconomic disruption from successful attacks.

Read the Report: OT/IoT Cybersecurity Trends and Insights, February 2026.

Other key findings from this latest report include:

Wireless Networks Continue to Pose a Severe Security Threat
Wireless communications are increasingly present in industrial and critical infrastructure environments, often without formal design or attention to security, and sometimes completely unknown to the operators. Nozomi’s report found that 68% of observed wireless networks still operate without Management Frame Protection (MFP) despite using modern encryption, and only 2% of organizations use enterprise-grade authentication, such as 802.1X. Additionally, approximately 98% of observed wireless networks rely exclusively on Pre-Shared Key (PSK)–based authentication, making it by far the dominant model in operational environments. This is a particular concern as shared credentials remove accountability and enable long-term reuse, making it hard to distinguish legitimate access from misuse once exposed. While the PSK security model works well for coffee shops and guest Wi-Fi, it is not suitable for industrial enterprises.

Transportation Was 2025’s Most Targeted Industry, Public Sector Threats Spike
In both halves of 2025, the transportation industry was the most targeted of all, and in the second half of 2025 was followed by manufacturing and public sector. Notably, attacks against public sector spiked between the first and second halves of 2025, due in large part to growing geopolitical tensions leading to a rise in nation-state activity and hacktivism. Unique to the public sector, Discovery tactics were the most commonly detected, most likely due to many threat actors still exploring the environments they intend to attack.

Scattered Spider Activity Accounts for Nearly Half of Attacks
Following a very active period in the Summer of 2025, Scattered Spider accounted for 42.9% of all actor-related alerts in the second half of the year. Kimsuky (out of North Korea), APT29 (out of Russia), CURIUM (out of Iran), and Mustard Tempest (no nation-state affiliation) were the second through fifth most active groups, respectively. Based on these findings and given current geopolitical tensions, Nozomi expects activity related to China, Iran, and Russia to be dominant trends to monitor for in 2026.

Security Insights and Recommendations to Protect Critical Infrastructure
“Critical infrastructure has never faced a more dangerous threat landscape, and the scale and severity of attacks against it will only increase,” said Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks. “It is imperative for operators to understand the current threat landscape and prepare their systems accordingly. They must establish clear asset visibility, leverage AI-driven security systems to detect anomalies and threats, prioritize risk-based vulnerability management, and enable intelligence sharing to keep up with evolving tactics.”

Nozomi Networks Labs’ “OT/IoT Cybersecurity Trends and Insights” report provides security professionals with updated information to re-evaluate risk models and security initiatives and recommendations for securing critical infrastructure.

Related Resource:

• Read: OT/IoT Cybersecurity Trends and Insights, February 2026

About Nozomi Networks
Nozomi Networks protects the world’s critical infrastructure from cyber threats. Our platform uniquely combines network and endpoint visibility, threat detection, and AI-powered analysis for faster, more effective incident response. Customers rely on us to minimize risk and complexity while maximizing operational resilience. www.nozominetworks.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/nozomi-networks-labs-report-finds-70-of-ransomware-activity-concentrated-against-english-speaking-countries-302692323.html

SOURCE Nozomi Networks