The Growing Threat of Ransomware to the Manufacturing Sector

Ransomware has evolved from a distant “I hope it doesn’t happen to us” threat to an insidious, worldwide crisis. Among the sectors most affected is manufacturing, which has found itself more and more in attackers’ crosshairs.  

Manufacturing has long viewed itself as immune to digital crime, but ransomware attackers have belied this belief. Industrial operations rely heavily on Industrial Internet of Things (IIoT) devices, so a single breach can grant attackers remote access to critical controllers or sensors, disrupting production and causing tangible physical harm. Faced with the choice between protracted operational downtime and ponying up a ransom, many opt for the latter—making the sector a compelling target for malicious actors. 

So much so, that Comparitech research has revealed that from 2018 to October 2024, ransomware attacks on manufacturing concerns have been far more prevalent than many might expect. A staggering 858 confirmed ransomware incidents were reported, with 2023 alone accounting for 194 attacks, and the implications of these attacks are huge, with an eye-watering total cost of $17 billion in downtime and lost revenue. 

Why Manufacturing is a Ransomware Magnet 

Most manufacturers operate complex ecosystems that rely on legacy systems blending with newer technologies. These hybrid environments present vulnerabilities that cybercriminals can exploit. For example, legacy systems may not receive timely security updates, leaving them susceptible to known exploits.  

Moreover, the integration of Operational Technology (OT) and Information Technology (IT) systems can create weak links in security, as OT networks are frequently not designed with the same robust defenses as IT systems. 

Over and above technological hurdles, manufacturers have to contend with supply chain dependencies that are critical to their operations. Ransomware attacks disrupt production lines and cause the movement of goods to grind to a halt, leading to customer orders being delayed.  

With minimal tolerance for disruption, manufacturers face a Catch-22: pony up the ransom to avoid downtime or risk prolonged financial losses, hoping security teams can mitigate the threat. While the latter may result in supply chain breakdowns, loss of market share, and brand damage, there’s no guarantee coughing up will stop the attack or that attackers won’t try and take another bite at the apple through double extortion tactics. 

Key Findings from the Research 

The data Comparitech gathered on ransomware attacks in this sector provides insights into the scale and impact of these threats. Let’s take a closer look at some of the key findings from the research: 

A Stiff Financial Toll 

Between 2018 and 2024, manufacturers lost over $17 billion thanks to ransomware-related downtime. On average, each attack caused $1.9 million in losses for every day of downtime, with some leading to crippling shutdowns lasting up to 129 days. 

From Encryptors to Extortionists 

In 2023, double-extortion ransomware attacks reared their ugly head. Bad actors upped the ante by not only encrypting critical data but stealing it too and threatening to release it unless the victim paid up. A shocking 43.9 million records were compromised in 2023 alone—more than 40 times higher than the year before. 

Unpredictable Downtime and Demand Shifts 

The downtime caused by ransomware attacks ranged from several hours to 129 days. Some companies faced ransom demands as high as $200 million, such as the case of Boeing in 2023, while others were targeted with demands as low as $5,000. On average, manufacturers faced a ransom demand of $10.7 million. 

Ransom Demands Hold Steady 

The research found that ransom demands on manufacturing companies have risen significantly in recent years. In 2023 alone, cybercriminals demanded $264.3 million in ransom. Despite these extortionate demands, manufacturers are increasingly refusing to pay, with only eight companies confirming payment since 2018. 

Which Industries Are Feeling the Heat? 

Within the manufacturing sector, certain sectors are more vulnerable to ransomware attacks. Transportation and automotive came out on top, accounting for the most attacks (130). Hot on its heels was the food and beverage industry with 124. Because these sectors are deeply integrated into global supply chains, it makes them particularly compelling targets for bad actors. 

Different Tactics, Same Goal 

Attackers continue to innovate, and different ransomware strains have dominated at various points in time. Egregor and Conti were prevalent in 2020 and 2021, while LockBit emerged as the dominant strain in 2022 and 2023. Play and Black Basta have dominated in 2024 so far, underscoring the adaptive nature of cybercriminals.

The Ransom is Just the Beginning 

While ransom demands are eye-catching, the true cost of ransomware goes beyond the monetary demands. The disruption of operations can halt production lines, delay shipments, and disrupt entire supply chains.  

This cascading effect can lead to revenue losses, which have, in some cases, led to the closure of businesses. For instance, Schumag AG, a German machinery manufacturer, filed for insolvency after suffering an attack in September 2024. 

Long recovery periods also add to the financial load. Many of these entities cannot restore production quickly enough, leading to lost sales, prolonged recovery efforts, and soaring operational costs. In some cases, these attacks cause lasting reputational damage that takes years to repair. For one, the Clorox Company was attacked by ransomware in August 2023 and endured a month of order-processing delays as a result.  

One of the most significant indirect costs is the damage to customer trust that manufacturers face after they have been successfully targeted by ransomware. Customers, particularly in sectors like food, pharmaceuticals, and transportation, depend on their suppliers to be reliable and secure. A ransomware attack that causes delays or exposes sensitive information can prompt customers to head for the door and seek alternative vendors, which could cause a long-term shift in market dynamics. 

Hacked and Held Hostage 

In addition to system encryption, ransomware attacks on the manufacturing sector are increasingly targeting sensitive data. Manufacturers store vast amounts of data, from proprietary designs to customer information, all of which is valuable to cybercriminals. Attackers are no longer content with simply disrupting operations—they are also stealing and threatening to leak sensitive records. 

In 2023, a whopping 43.9 million records were compromised in ransomware attacks—that’s nearly 91% of all records breached since 2018. This surge highlights a broader trend: malefactors are using data as leverage to extort even more money from their victims. This means manufacturers are under pressure to invest in securing their networks and prevent data exfiltration. 

The Path to Stronger Defenses 

To mitigate the risk of ransomware attacks, manufacturers must adopt a multi-faceted approach to cybersecurity. This includes: 

Many ransomware attacks exploit unpatched vulnerabilities in legacy systems. Ensuring that all systems are up to date with the latest security patches is crucial.

Manufacturers should isolate critical systems from less sensitive ones to stop attackers from accessing vital data and machinery. 

Maintaining secure and up-to-date backups can help manufacturers quickly recover from ransomware attacks without paying the ransom. 

Since many ransomware attacks originate with cunning phishing emails, educating employees about recognizing suspicious emails and practicing good security hygiene is key. Investing in real-time monitoring and advanced threat detection can help identify ransomware before it spreads throughout the network. 

Ransomware is a significant threat that shows no signs of slowing down. The research is clear – attacks are escalating in frequency, sophistication, and financial impact, and this will only get worse as this sector continues to digitize and introduce new technologies.  

To protect their operations, manufacturers must take proactive measures to avoid the high costs of downtime and the potential long-term damage. Investing in cybersecurity is no longer optional—it’s a necessity. 

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.