The Sophos State of Ransomware study shows that manufacturing and manufacturing companies worldwide paid rare ransoms, averaging over $2 million, but at the same time more than twice as much as companies in other industries. A frightening development.
Sophos released this year's industry study, The State of Ransomware in Manufacturing and Production, which specifically looked at the manufacturing and production space. The study shows that this sector has the highest average ransom payments of any industry studied. Affected companies raised US$2.036.189 for the extortionist's demands, while companies in other industries spent US$812.360.
Ransom: $2 million instead of $800.000 on average
The industry is also ahead in terms of the increase in complexity and number of cyber attacks: 66 percent of the manufacturing and production companies surveyed reported an increasing complexity of cyber attacks and 61 percent reported an increase in cyber attacks compared to the previous year's survey. Both increases are seven and four percent above the average for other industries.
“Manufacturing is an attractive target for cybercriminals due to its privileged position in the supply chain. Legacy infrastructures and a lack of visibility into the OT (operational technology) environment provide attackers with easy access and a springboard for attacks on a compromised network,” said John Shier, Senior Security Advisor at Sophos. "The convergence of IT and OT increases the attack surface and exacerbates an already complex threat landscape."
Few pay, but the sums are higher
While the average ransom payment was highest in the manufacturing and manufacturing industry, the percentage of companies that actually paid the ransom was one of the lowest across all industries (33% vs. 46% for the cross-industry average).
Additional findings from the State of Ransomware study
- The manufacturing and manufacturing sector had the lowest rate of attacks, tied with the financial services sector, where only 55% of surveyed companies were affected by ransomware.
- However, the percentage of companies affected by ransomware in the manufacturing and production sectors increased by 52% compared to last year's report (up from 36% in the 2021 survey report).
- The sector also had the lowest encryption rate (57% versus 65% for the cross-industry average).
- Only 75% of respondents said they had cyber insurance - the lowest percentage across all industries.
Better protection against ransomware
Sophos offers all companies in all industries the following five recommendations for better protection against ransomware:
- Installation and maintenance of high-quality protective measures at all points in the area. Regularly reviewing security controls and ensuring they continue to meet company requirements.
- Proactively scan for threats to identify and stop attackers before they can launch attacks. If internal resources are not available for this, an MDR (Managed Detection and Response) team should be called in.
- Hardening the IT environment by identifying and closing key security vulnerabilities such as unpatched devices, unprotected machines and open RDP ports. Extended Detection and Response (XDR) solutions are ideal for this purpose.
- Development of a worst case scenario and provision of a constantly updated action plan.
- Creating backups and practicing restoring them to ensure minimal disruption and recovery times.
"Reliable backups are an important part of recovery, but today's ransomware threat requires a detailed response plan that includes human-led threat-hunting capabilities," says John Shier. "Complex attacks require comprehensive protection, which for many organizations involves the deployment of managed detection and response (MDR) teams trained to find and neutralize active attackers."
Background information on the study
The State of Ransomware 2022 study surveyed 5.600 IT professionals at midsize organizations in 31 countries, including 419 respondents from the manufacturing and manufacturing industries.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.