Sophos’ report explores ransomware’s impact on manufacturing

Cybersecurity leader Sophos’ report, “The State of Ransomware in Manufacturing and Production 2023” reviews the main causes behind these attacks

Sophos has opened a new survey report The State of Ransomware in Manufacturing and Production 2023 which yielded some alarming facts for the industry. 

Sophos is a cybersecurity champion, based in Oxfordshire, England, and founded in 1985. 

Manufacturing leaders face ransomware threats 

Sophos is one of the biggest pure-play cybersecurity providers, which protects over 500,000 organisations and more than 100m global users from ransomware, phishing and malware.

For the survey, Sophos polled 3,000 leaders in IT and cybersecurity, with 100 to 5,000 employees. This included 363 manufacturing and production businesses, across 14 countries in the Americas, EMEA and Asia Pacific.

The results showed:

  • In 68% of ransomware attacks against the manufacturing sector, the data was encrypted by the group behind the hack
  • In 32% of cases where this happened, data was also stolen
  • 73% of the manufacturers surveyed said they were using backups 
  • 55% of manufacturing businesses surveyed who were victims of such an attack recovered within one week

The main causes of ransomware attacks were reported to be:

  • 27% of attacks said compromised credentials were the most common root cause
  • 24% of incidents were caused by exploited vulnerabilities
  • 41% of those surveyed blamed malicious emails or phishing 

“While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery,” said John Shier, field CTO at Sophos. “With 77% of manufacturing organisations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.”

Sophos’ knowledge of ransomware attacks 

Manufacturing Digital previously interviewed Shier about his knowledge of ransomware attacks, where he discussed the difference between a cyber attack and a ransomware attack.

Information gained in a ransomware attack is kept from the public and offered back to the victim for a price.

In a cyberattack, there is no offer of negotiation. 

“I would say that it's fairly rare to have nation states behind ransomware attacks that are for profit,” says Shier. “Nation states are generally after information, they're not really in it to make money; they're gathering intelligence, state secrets, intellectual property and information about activists.

“There's also a tool called X matter, which is also a data stealing tool that is being used by several different groups. It could be a single person that's part of this affiliate programme or it could be a bunch of people. You can also be part of more than one such programme. There's a whole bunch of these ransomware groups; as a group or an individual, you can participate in many of these schemes. Generally, they take anywhere from 10-20%, then the affiliates themselves get the rest of the profit.”


Featured Articles

Cristina Semperboni: Women In Engineering Spotlight

We interviewed Cristina Semperboni about her career journey from graduate to Engineering Manager at manufacturer Flex

Aerospace Insight: Where does Boeing make all of its Planes

After safety concerns rise by 500%, Manufacturing Digital takes an in-depth look at Boeing’s global manufacturing facilities

Comau's Automation Solutions for Outside of Manufacturing

Comau is expanding automation solutions across the sectors, from food to pharma. Nicole Clement says the company wants to make automation more accessible

Toyota Partners with Artelys to Streamline Post-Production

Procurement & Supply Chain

Voltpost: Overcoming Manufacturing Challenges & EV Charging


How Intelligent Automation is Reshaping Manufacturing

Smart Manufacturing