Create a free Collision Repair Mag account to continue reading

Ransomware: Auto attacks up by more than 100% in 2025

Ups Picsart Ai Image Enhancer

Ransomware accounted for 44% of publicly reported automotive and smart mobility cyber incidents in 2025, more than double the share recorded the previous year, according to Upstream Security’s 2026 global automotive and smart mobility cybersecurity report.

The report analyzed hundreds of publicly disclosed incidents worldwide and found that 92% of attacks were conducted remotely, with 86% requiring no physical access to a vehicle. 

Telematics systems, cloud platforms and application programming interfaces were identified as the primary vectors in 67% of cases. Upstream also reported that 68% of incidents involved data or privacy breaches, and more than half had the potential to impact thousands to millions of vehicles or mobility assets.

“Ransomware now accounts for 44% of all automotive cyber incidents. Well-organized threat actors are shifting their focus toward large-scale campaigns against the connected vehicle ecosystem,” said Matthias Lenk (right), head of global cyber threat intelligence at Upstream, in a LinkedIn post announcing the report.

Yoav Levy (left), co-founder and CEO of Upstream, said the expansion of artificial intelligence in vehicle systems is reshaping both development and risk.

“The automotive industry is an early adopter of Physical AI, and as AI capabilities rapidly expand across markets, it now serves as the reference architecture for safety-critical, highly connected systems,” Levy said in the company’s press release. “However, AI is also enabling attackers to move faster, at greater scale, and with more automation while the industry is still relying on security models built for a far more static world.”

Upstream’s findings come as automotive service networks in North America have faced high-profile cyber disruptions in recent years. In 2024, a ransomware attack on CDK Global temporarily disrupted operations at thousands of dealerships across the United States and Canada, affecting parts ordering and service management systems. In 2025, a cyberattack targeting Jaguar Land Rover’s systems disrupted parts logistics and limited access to certain internal platforms, delaying some repair operations.

Those incidents were not part of Upstream’s analysis but illustrate the broader exposure facing connected automotive ecosystems. For Canadian collision repair facilities, the increasing integration of cloud-based diagnostics, over-the-air software updates and networked calibration tools places shops within the same digital infrastructure that attackers target.

As vehicles become more software-defined and reliant on back-end connectivity, the operational risks extend beyond structural repair and mechanical restoration. The Upstream report concludes that cybersecurity risk now spans the full vehicle lifecycle as connected systems have become standard across global fleets.

Page 1 of 126
Next Page