Sophos’ report explores ransomware’s impact on manufacturing

Ransomware in manufacturing
Cybersecurity leader Sophos’ report, “The State of Ransomware in Manufacturing and Production 2023”, reviews the main causes behind these attacks

Sophos has released a new survey report, The State of Ransomware in Manufacturing and Production 2023, which yielded some alarming facts for the industry.

Sophos is a cybersecurity champion, based in Oxfordshire, England, and founded in 1985. 


Manufacturing leaders face ransomware threats 

Sophos is one of the biggest pure-play cybersecurity providers, which protects over 500,000 organisations and more than 100m global users from ransomware, phishing and malware.

For the survey, Sophos polled 3,000 IT and cybersecurity leaders at organisations with 100 to 5,000 employees. This included 363 manufacturing and production businesses, across 14 countries in the Americas, EMEA and Asia Pacific.

The results showed:

  • In 68% of ransomware attacks against the manufacturing sector, the data was encrypted by the group behind the hack
  • In 32% of cases where this happened, data was also stolen
  • 73% of the manufacturers surveyed said they were using backups 
  • 55% of manufacturing businesses surveyed who were victims of such an attack recovered within one week

The main causes of ransomware attacks were reported to be:

  • 27% of respondents said compromised credentials were the most common root cause
  • 24% of incidents were caused by exploited vulnerabilities
  • 41% of those surveyed blamed malicious emails or phishing 

“While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery,” said John Shier, field CTO at Sophos. “With 77% of manufacturing organisations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.”


Sophos’ knowledge of ransomware attacks 

Manufacturing Digital previously interviewed Shier about his knowledge of ransomware attacks, where he discussed the difference between a cyber attack and a ransomware attack.

Information gained in a ransomware attack is kept from the public and offered back to the victim for a price.

In a cyberattack, there is no offer of negotiation. 

“I would say that it's fairly rare to have nation states behind ransomware attacks that are for profit,” says Shier. “Nation states are generally after information, they're not really in it to make money; they're gathering intelligence, state secrets, intellectual property and information about activists.

“There's also a tool called Exmatter, which is also a data-stealing tool that is being used by several different groups. It could be a single person that's part of this affiliate programme or it could be a bunch of people. You can also be part of more than one such programme. There's a whole bunch of these ransomware groups; as a group or an individual, you can participate in many of these schemes. Generally, they take anywhere from 10-20%, then the affiliates themselves get the rest of the profit.”
