The State of Ransomware in Manufacturing and Production 2024 – Key Takeaways
Here at Fusion IT, in our capacity as a Sophos Gold Partner, we have access to some interesting research from Sophos. Since we operate with several clients in the Manufacturing and Production sectors the following report caught my eye. The report is some 27 pages long, but we have summarised the key takeaways below.
The latest report from Sophos on ransomware in the manufacturing and production sectors reveals a concerning rise in cyberattacks, highlighting both the evolving strategies of cybercriminals and the critical need for enhanced cybersecurity measures.
Below are the most critical insights and statistics from the report.
Surge in Ransomware Attacks
Increased Frequency
A whopping 65% of manufacturing organisations were hit by ransomware in the past year, up from 56% in 2023 and 55% in 2022. This marks a stark 41% increase since 2020, bucking the overall trend of a slight decrease across other sectors, which now averages 59%.
Impact on Systems
Extent of Damage
On average, ransomware attacks affected 44% of computers in manufacturing organisations. While total encryption of environments is rare (only 4% faced near-total impact), the sector still faces significant disruptions.
Sectoral Variation
Manufacturing had a slightly lower impact compared to the cross-sector average of 49%, with energy, oil/gas, and utilities being the hardest hit at 62%.
Root Causes of Attacks
Primary Causes
Malicious emails are the top cause of ransomware in manufacturing (29%), followed closely by exploited vulnerabilities (27%).
Sector-Specific Vulnerabilities
Different sectors have unique vulnerabilities; for example, government sectors struggle primarily with compromised credentials, while energy and utilities suffer from unpatched vulnerabilities.
Backup Compromises
High Compromise Rate
A staggering 93% of organisations faced attempts to compromise their backups, with 53% of these attempts being successful.
Consequences
Organisations with compromised backups faced higher ransom demands and recovery costs and were more likely to pay the ransom.
Data Encryption and Theft
High Encryption Rates
Data encryption occurred in 74% of ransomware attacks in manufacturing—the highest rate in five years.
Data Theft
In 28% of incidents where data was encrypted, data was also stolen, adding another layer of risk and extortion.
Recovery and Ransom Payments
Data Recovery
Despite the challenges, 99% of organisations managed to recover their data. However, 62% paid the ransom, while 58% relied on backups.
Ransom Demands and Payments
The median ransom demand was $1.5 million (£1.2 million), with actual payments averaging $1.2 million (£945,000). Impressively, 65% of organisations managed to negotiate the ransom down.
Role of Law Enforcement and Negotiations
Law Enforcement Involvement
The report emphasises the critical role of law enforcement in ransomware remediation.
Negotiation Practices
Manufacturing organisations are proactive in negotiating ransom demands, with only 27% paying the initial amount requested by attackers.
Summary
The State of Ransomware in Manufacturing and Production 2024 report paints a stark picture of the escalating threat of ransomware in the sector. It underscores the importance of robust cybersecurity strategies, regular updates and patches, employee training to handle phishing attempts, and the crucial role of backups. With ransom demands and payments reaching new heights, manufacturing organisations must be prepared to respond effectively to mitigate financial and operational impacts. This report serves as a critical reminder of the persistent and evolving nature of cyber threats and the need for vigilance and preparedness in the face of such challenges.
Thanks
Richard