Ransom gangs have cost manufacturers $46B

Downtime caused by ransomware attacks on the manufacturing industry have cost it $46 billion over the past five years, a cybercrime round-up can reveal.

That total doesn’t include the cost of ransoms paid on the 478 attacks since 2018 on manufacturing businesses, with demands varying wildly — from just $5,000 in the first recorded instance to $50 million.

The latter sum was demanded on separate occasions by chief ransomware actors REvil and LockBit from Acer and Quanta Computer respectively in 2021. In the former case, Acer offered to pay $10 million but this was reportedly rejected by REvil.

Indeed, there are only four recorded instances of a ransom being paid by a manufacturer, according to five years’ worth of data from 2018 scrutinized by researcher Comparitech.

“Only four companies are known to have paid the ransom but many organizations will withhold this information in fear it makes them more vulnerable to these attacks,” it said, adding that it could confirm that two of the paid sums totalled $750,000.

The apparent low rate of successful extortion, which may, in any case, be far higher in reality, has not stopped ransom gangs from chancing their arms, with a mean average of $11.2 million demanded per incident.

And ransom gangs have only become more confident of being able to drive a hard bargain over the years — the first paltry asking sum of $5,000 recorded by Comparitech in 2018 was soon bettered.

The second documented case involving a manufacturing target saw the culprits demand a cool $6 million in 2019, with the average increasing to $8.9 million the following year before peaking at $21.9 million in 2021. Last year saw ransomware operators curb their enthusiasm somewhat, with the average demand across nine cases to hit the manufacturing sector dropping back to $8.8 million.

All of which brings us to the present year, with the first six months of 2023 seeing four cases of ransomware to hit the industry, with an average demand of ‘just’ $1.7 million.

Downtime is biggest problem

Comparitech appears to believe that the worst outcome of a ransomware attack for most manufacturers is the money lost due to idle time forced on companies crippled by such assaults. This is the case regardless of whether or not they cave in to cybercriminals’ demands for payment.

“When a manufacturing company is hit with a ransomware attack, it can significantly impact its production lines, meaning customer orders cannot be fulfilled and day-to-day operations come to a standstill,” it said.

Comparitech says this explains the “extortionately high ransom demands” on the manufacturing sector.

“This is likely due to the fact that these organizations can ill afford system downtime that halts production and impacts sales,” it said.

For example, French construction company Clestra Hauserman lost an estimated $2-3 million after being forced to cease operations for seven weeks following a ransomware attack in April last year.

The consequences of this lost revenue were harsh for Clestra and its unfortunate employees. “This ultimately led to the company going into receivership,” said Comparitech.

Most targeted nations

In terms of countries targeted, the US has unsurprisingly borne the biggest brunt of manufacturing ransomware attacks, with 212 being launched against it since 2018 at a total estimated cost of more than $20 billion in downtime.

Germany and France have also suffered, with around 40 ransom attacks on each country since 2018, at a total cost of nearly $10 billion.

What’s more, Comparitech suggests this could even be an understatement, with the true cost of downtime significantly higher for bigger targets.

“However, as our study covers a number of companies, large and small, we have chosen to opt for the lower figure,” it added.

With 55 attacks confirmed worldwide on manufacturers so far this year, the average downtime per incident currently stands at around one week.

“Ransomware attacks remain a key threat for this sector going forward,” said Comparitech. “Not only that, but attacks via third parties have widespread consequences on all industries.”

Citing recent cyberattacks by the notorious gang Cl0p on Fortra and MOVEit, it added: “We are seeing an increase in the data stolen via these attacks, meaning companies with sensitive data, for instance, pharma companies, are particularly vulnerable.”

More from Cybernews:

Google Street View car flees police and plunges into river

CareSource victim of Cl0p attack, patient data allegedly leaked

Microsoft: Russian hackers behind Teams attacks

Feds launch probe into China's US gov email hack

Curve Finance drained of $70M

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked