The manufacturing and production industry is claiming a sad record in this year’s Sophos State of Ransomware report. This is the highest growth regarding the percentage of organizations that have been hit with ransomware in 2023.
With a 9% increase, it is among three sectors with an increasing attack rate beside healthcare [+7%] and financial services [+1%]. All other industries saw a decrease in attacks.
65% of manufacturing and production organizations reported they were hit by ransomware last year. This is a notable increase from the previous two years [56% in 2023 and 55% in 2022] and represents a 41% increase since 2020.
93% of manufacturing organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. Of them, 53% of backup compromise attempts were successful. Additionally, three out of four ransomware attacks on manufacturing organizations [74%] resulted in data encryption, the highest encryption rate for the sector in the last five years. This rate is also higher than the 2024 cross-sector average of 70%.
In 2024, manufacturing organizations reported a mean cost of $1.67M to recover from a ransomware attack, an increase from the $1.08M reported in 2023. On average, 44% of computers in manufacturing and production are impacted by a ransomware attack. Having your full environment encrypted is extremely rare, with only 4% of organizations reporting that 91% or more of their devices were impacted.
Six in Ten Victims Now Pay the Ransom
While 58% in manufacturing restored encrypted data using backups, 62% paid the ransom to get data back. The percentage of manufacturing organizations that paid the ransom has almost doubled from our 2023 study when the sector reported one of the lowest ransom payment rates [34%] across all sectors.
A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data [e.g., paying the ransom and using backups]. This time around, almost half of manufacturing organizations [45%] that had data encrypted reported using more than one method, more than double the rate reported in 2023 [19%].
157 manufacturing respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average [median] payment has increased by 167% over the last year, from $450,000 to $1.2M.
While the ransom payment has increased, only 27% of manufacturing victims said that their payment matched the original request. 65% paid less than the original demand, while only 8% paid more.
“The increase in both number of victims and their inability to detect and respond quickly enough to prevent encryption is very concerning. Criminals are very aware of their success rates amongst different sectors and I wouldn’t be surprised to see them targeting manufacturers alongside healthcare and schools. With more than 60% of manufacturing victims choosing to pay a ransom and the median ransom paid of $1.2 million USD they are attractive targets.
It is essential organizations in this sector focus on their time to detect and time to respond metrics. While the percentage who have a ransomware incident is indicative of our prevention and proactive defense capabilities, the amount who have an incident, but their data is not encrypted is a sign of increased monitoring and effective threat hunting. It takes all three approaches to defend against hands on keyboard attacks.