The uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service.

Jonathan Braley, director of cyber information sharing organization Food and Ag-ISAC, spoke at the RSA Conference on Thursday and warned of not only the increase in ransomware incidents but the continued lack of visibility into the full scope of the problem.

“A lot of it never gets reported, so a ransomware attack happens and we never get the full details,” he told Recorded Future News on the sidelines of the conference. “I wish companies would be more open in talking about it and sharing ‘Here's what they use, here's how we fixed it,’ so the rest of us can prevent that.”

The uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service. But Braley noted that even when they took out the attacks attributed to Clop, groups like RansomHub and Akira were still continuing to attack the food industry relentlessly.

The Food and Ag-ISAC obtained its numbers through a combination of open-source sites, dark web monitoring, member input and information sharing between National Council of ISAC members.

The industry saw 31 attacks in January and 35 in February before a dip to 18 attacks in March.

The 84 attacks seen from January to March were more than double the number seen in Q1 2024.