Sophos’ report explores ransomware’s impact on manufacturing

Cybersecurity leader Sophos’ report, “The State of Ransomware in Manufacturing and Production 2023” reviews the main causes behind these attacks

Sophos has opened a new survey report The State of Ransomware in Manufacturing and Production 2023 which yielded some alarming facts for the industry. 

Sophos is a cybersecurity champion, based in Oxfordshire, England, and founded in 1985. 

Manufacturing leaders face ransomware threats 

Sophos is one of the biggest pure-play cybersecurity providers, which protects over 500,000 organisations and more than 100m global users from ransomware, phishing and malware.

For the survey, Sophos polled 3,000 leaders in IT and cybersecurity, with 100 to 5,000 employees. This included 363 manufacturing and production businesses, across 14 countries in the Americas, EMEA and Asia Pacific.

The results showed:

  • In 68% of ransomware attacks against the manufacturing sector, the data was encrypted by the group behind the hack
  • In 32% of cases where this happened, data was also stolen
  • 73% of the manufacturers surveyed said they were using backups 
  • 55% of manufacturing businesses surveyed who were victims of such an attack recovered within one week

The main causes of ransomware attacks were reported to be:

  • 27% of attacks said compromised credentials were the most common root cause
  • 24% of incidents were caused by exploited vulnerabilities
  • 41% of those surveyed blamed malicious emails or phishing 

“While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery,” said John Shier, field CTO at Sophos. “With 77% of manufacturing organisations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.”

Sophos’ knowledge of ransomware attacks 

Manufacturing Digital previously interviewed Shier about his knowledge of ransomware attacks, where he discussed the difference between a cyber attack and a ransomware attack.

Information gained in a ransomware attack is kept from the public and offered back to the victim for a price.

In a cyberattack, there is no offer of negotiation. 

“I would say that it's fairly rare to have nation states behind ransomware attacks that are for profit,” says Shier. “Nation states are generally after information, they're not really in it to make money; they're gathering intelligence, state secrets, intellectual property and information about activists.

“There's also a tool called X matter, which is also a data stealing tool that is being used by several different groups. It could be a single person that's part of this affiliate programme or it could be a bunch of people. You can also be part of more than one such programme. There's a whole bunch of these ransomware groups; as a group or an individual, you can participate in many of these schemes. Generally, they take anywhere from 10-20%, then the affiliates themselves get the rest of the profit.”


Featured Articles

Applying the metaverse to the manufacturing industry

Discover six ways in which the ‘industrial metaverse’ can benefit the manufacturing industry to work faster, more efficiently, and at lower costs

Managing supply & demand in pharma manufacturing

Pharma manufacturing supply & demand according to John Swift, Head of Supply Chain at Owen Mumford Pharmaceutical Services

Trend Micro on the future of cybersecurity in manufacturing

Bharat Mistry, Technical Director at software developer Trend Micro, explores the evolution of cybersecurity in manufacturing & building a connected world

How industrial manufacturers prioritise product development


Model N’s Chris Shrope: exploring high-tech in manufacturing


Infosys: AI & Smart Factories strengthen manufacturing