Manufacturing exposed: over half of IT managers tackling costly ransomware attacks


Ransomware attacks in manufacturing and production have crept up to a level where 56% of IT and cybersecurity managers must address ransomware attacks within a year, the newest Sophos 2023 Threat Report shows. The report also highlights adversaries’ appetite for ransom payments, which have more than quadrupled.

The share of affected manufacturing organizations continues its upward trend: the figure is slightly higher than in the previous year, when 55% of respondents reported that their organization was hit by ransomware.

More attacks now succeed in encrypting organizations' data. Among affected respondents, 68% reported that their data was encrypted during the attack, an 11 percentage point increase from the previous year and a 19 percentage point increase over two years.


One in three managers admitted to paying the ransom to regain their data, while 73% of organizations used backups. Manufacturers reported the lowest data recovery rate of all industries, with only 88% of cases resulting in successful data restoration; the global average stands at 97%.

Threat actors are executing attacks at scale while refining the ransomware-as-a-service model. That model lowers the barrier to entry for would-be attackers and raises attack sophistication, because different groups specialize in different stages of the attack.

Ransoms skyrocketed

The median ransom payment went up from $76,500 in 2022 to $400,000 reported in this year's study. The average payment is almost three times higher at $1.26M, indicating that there have been some substantial sums paid to adversaries.

Moreover, attackers have adopted a "double dip" approach, stealing data in addition to encrypting it, in 32% of attacks.

“The threat of making stolen data public can be used to extort payments and the data can also be sold. The high frequency of data theft increases the importance of stopping attacks as early as possible before information can be exfiltrated,” the Sophos study states.

Manufacturers more susceptible to social engineering

Manufacturing and production reportedly have the second lowest rate of ransomware attacks of all sectors surveyed, with only IT, technology, and telecoms reporting a lower rate of attack (50%). This suggests a higher level of cyber readiness and defenses in these sectors. Education is the most likely sector to be hit, where 80% of organizations had to deal with ransomware attacks.


While manufacturers seem to present a smaller attack surface to cybercriminals, they experience a higher proportion of attacks that begin with malicious emails and phishing (41% vs. a 30% cross-sector average). Attacks that begin with exploited vulnerabilities (24% vs. 36%) or compromised credentials (27% vs. a 29% average) are less common than elsewhere.

Backups reduced recovery costs

In 2023, the cost of recovering from a ransomware attack across all sectors averages $1.82M, excluding ransom payments. That is an increase from $1.4M a year earlier, a figure that included ransom payments.

Manufacturing seems to defy this global trend: here, the mean recovery cost decreased from $1.23M to $1.08M. The likely cause is the increased use of backups, which Sophos measures to be twice as cost-effective as other approaches for recovering from ransomware attacks.

The study commissioned by Sophos involved 3,000 IT and cybersecurity leaders in organizations ranging from 100 to 5,000 employees across 14 countries, including 363 managers in manufacturing and production. The survey was conducted between January and March 2023.

According to data provided by the FBI Internet Crime Complaint Center, as quoted in Verizon’s 2023 Data Breach Investigations Report, a significant number of incidents may cause a severe loss to an organization. While most incidents, 93%, inflicted no loss in 2022, for the remaining 7% the median value lost was $26,000, with losses ranging from $1 to $2.25 million.