Ransomware Incidents in Automotive Sector Surge Significantly in 2025: Insights from Upstream Security

Ransomware Incidents in Automotive Sector Surge Significantly in 2025

A recent report released by Upstream Security, a prominent cybersecurity platform specializing in connected vehicles, highlights a disturbing trend in the automotive and smart mobility sectors. The findings reveal that ransomware attacks have more than doubled in 2025, which has sparked serious concerns about the implications for manufacturers, suppliers, and consumers alike.

Increased Attack Vectors Driven by Technology

Upstream’s 2026 Global Automotive and Smart Mobility Cybersecurity Report, now in its eighth year, underscores the rapid advancement and adoption of technologies such as Physical AI and API-driven architectures. These innovations facilitate the performance of connected vehicles but unfortunately expand the attack surface for hackers.

The report analyzed 494 publicly reported cybersecurity incidents over the past year and found a significant correlation between the rise in sophisticated organized threat actors and the escalating cybersecurity risks. The increased sophistication of these threat actors is facilitating broad cyber risks that can lead to catastrophic financial and operational disruptions.

Yoav Levy, Co-Founder and CEO of Upstream, emphasized that AI, while serving as a vital tool for improving operational efficiency and safety in vehicles, also enables attackers to execute their plans with greater speed and scale. This duality presents an ongoing challenge for the automotive industry, which tends to rely on traditional security models that can no longer keep pace with the evolving threat landscape.

A Dramatic Rise in Ransomware Attacks

The report found that ransomware incidents accounted for 44% of total attacks in 2025, which is more than twice the volume of such incidents in 2024. This spike signifies a worrying trend where attack scenarios are not only limited to IT and enterprise systems but have also extended to actual vehicles. For example, some attackers reportedly accessed remote vehicle command systems via associated mobile apps, locking owners out of their vehicles and demanding ransom payments to regain control.

These ransomware attacks result in severe operational and economic damages, potentially causing billions of dollars in losses across the automotive ecosystem. A notable case highlighted in the report involved a significant cyberattack on a European Original Equipment Manufacturer (OEM), where operations were paralyzed for weeks, leading to cascading impacts on suppliers and local economies.

Remote Targeting and Data Breaches

A significant 92% of automotive cyberattacks were executed remotely, with 86% requiring no physical access to vehicles or systems, a testament to the vulnerabilities posed by expanding connectivity. Furthermore, 68% of reported incidents involved data and privacy breaches, emphasizing the urgent need for improved cybersecurity measures across the industry.

Additional findings showed that 71% of incidents were attributed to black hat actors, which is an increase from 65% in 2024. The importance of API security is highlighted, as APIs remain the nervous system of the automotive and smart mobility ecosystem, creating points of vulnerability that attackers can exploit.

Addressing the Challenges Ahead

The report not only sheds light on the rising threats but also discusses key strategies that automotive manufacturers and tech companies need to adopt to bolster their cybersecurity posture. A multi-faceted approach involving advanced detection and response technologies, alongside AI-driven security measures, will be crucial in combating the increasing threats of ransomware and other cyberattacks.

To summarize, the increase in ransomware attacks within the automotive and smart mobility sectors highlights a critical need for innovative security solutions that can keep up with the fast-paced technological advancements in the industry. As this landscape continues to evolve, organizations must remain vigilant and proactive in their cybersecurity strategies to mitigate risk and protect both their operations and their customers.