The most recent annual analysis by Sophos on the practical occurrences of ransomware in manufacturing and production entities delves into the complete victim path, encompassing attack frequency, underlying reasons, operational repercussions, and business consequences.
This year’s publication integrates fresh research aspects for this industry, including a comparison of ransom demands against actual ransom disbursements. Furthermore, for the initial occasion, it sheds light on the involvement of law enforcement in rectifying ransomware incidents.
Access the report to peruse the comprehensive findings.
Surge in Attack Incidences and Recovery Expenditures
Reports reveal that 65% of manufacturing and production enterprises disclosed being targeted by ransomware last year, showcasing a remarkable upsurge from the preceding two years (56% in 2023 and 55% in 2022) and translating to a 41% spike since 2020.
Among the manufacturing firms affected by ransomware within the past year, 93% conveyed raids on their backups during the assault by cyber offenders. Of these, 53% of the backup violation endeavours prevailed.
Moreover, three-quarters of ransomware attacks aimed at manufacturing entities (74%) led to data encryption, marking the highest encryption ratio for the industry in the preceding five years. This percentage also exceeds the 2024 cross-industry average of 70%.
In 2024, manufacturing units registered an average recovery cost of $1.67M following a ransomware onslaught, evidencing an escalation from the $1.08M documented in 2023.
Impacted Devices in Ransomware Incursions
Ordinarily, 44% of computers within manufacturing and production sectors experience the aftermath of a ransomware incursion. Instances of the entire infrastructure being encrypted are exceedingly rare, with only 4% of firms acknowledging that 91% or more of their devices were compromised.
A Majority of Victims Opt for Ransom Payment
While 58% of manufacturing firms restored encrypted data utilizing backups, 62% resolved to pay the ransom for data retrieval. The ratio of manufacturing entities resorting to ransom payment has nearly doubled compared to our 2023 study, where the industry reported one of the lowest ransom settlement rates (34%) across all sectors.
A significant shift witnessed in the past year is the rising inclination among victims to adopt multiple strategies for regaining access to encrypted data (e.g., both paying the ransom and utilizing backups). This time around, nearly half of manufacturing enterprises (45%) experiencing data encryption reported utilizing more than one approach, which is more than double the proportion reported in 2023 (19%).
Escalation in Ransom Payments – Yet Few Meet the Full Demands
Participants from the manufacturing sector who disbursed the ransom unveiled that the median payment surged by 167% over the previous year, escalating from $450,000 to $1.2M.
Despite the uptick in ransom payments, only 27% of manufacturing victims affirmed that their payment aligned with the initial claim. 65% paid less than the original demand, while merely 8% exceeded the stipulated amount.
Get the complete report for further insights on ransom payments and various other aspects.
Survey Overview
The publication draws upon an autonomous, vendor-neutral survey commissioned by Sophos involving 5,000 IT/cybersecurity leaders across 14 nations in the Americas, EMEA, and Asia Pacific, encompassing 585 respondents from the manufacturing and production industry. All participants represent organizations with staffing levels ranging from 100 to 5,000 employees. Conducted by the research specialist Vanson Bourne between January and February 2024, respondents were tasked with reflecting on their encounters over the prior year.
About Author
