Sophos Unveils “State of Ransomware in Manufacturing and Production 2025” Report
Sophos has published its State of Ransomware in Manufacturing and Production 2025 report, highlighting a notable evolution in attacker methodologies as manufacturers enhance their preliminary defenses.
This global analysis, grounded in a survey of 332 organizations that experienced ransomware incidents over the past year, points to a decline in data encryption rates, while adversaries are increasingly favoring data theft and extortion strategies to exert pressure.
The findings indicate that merely 40 percent of ransomware assaults on manufacturers resulted in data encryption—the lowest incidence rate in five years, plummeting from 74 percent in the previous year.
Concurrently, extortion-only incidents surged from 3 percent to 10 percent year-on-year, signaling a discernible shift toward data theft as a strategic focus.
Alarmingly, among organizations that had data encrypted, 39 percent also had data stolen, one of the highest rates across all sectors documented by Sophos.
The research also underscores advancements in early threat detection. Remarkably, half of the manufacturing entities successfully halted an attack prior to encryption, a significant increase from last year’s 24 percent.
Nevertheless, despite these defensive advancements, 51 percent of those affected by encryption ultimately paid the ransom, with the median payment escalating to US$1 million against a median demand of US$1.2 million.
Moreover, metrics related to recovery have shown substantial improvement, with average recovery costs (not including ransom) decreasing by 24 percent to US$1.3 million.
A considerable proportion of organizations—58 percent—achieved full operational restoration within one week, up from 44 percent the previous year.
However, the human cost remains profound: 47 percent of respondents reported heightened stress levels among IT and security teams, while 44 percent noted increased pressure from senior executives. Furthermore, over a quarter experienced leadership changes following the incident.
Over the past year, Sophos X-Ops identified 99 distinct ransomware factions targeting manufacturing sectors. Among the most prominent were Akira (GOLD SAHARA), Qilin (GOLD FEATHER), and PLAY (GOLD ENCORE).
In more than half of the incidents managed by Sophos Emergency Incident Response, attackers employed double extortion tactics, stealing and encrypting data while threatening to disclose sensitive information on leak sites.
Alexandra Rose, Director of Threat Research at Sophos’ Counter Threat Unit, emphasized that the operational significance of the manufacturing industry renders it an appealing target for nefarious actors.

She remarked that even transient disruptions can severely impact production and supply chains, affording attackers substantial leverage.
Despite the reduced rates of encryption, Rose asserted that the financial and operational repercussions remain pronounced, underscoring the necessity for robust defensive strategies, continuous oversight, and meticulously rehearsed incident response protocols.
To fortify organizational resilience, Sophos advocates for the following measures:
- Address root-cause vulnerabilities.
- Deploy comprehensive endpoint and server protection.
- Regularly maintain and test incident response plans and data backups.
- Ensure 24/7 monitoring to swiftly address threats.
For entities lacking sufficient internal resources, collaboration with a Managed Detection and Response provider can significantly enhance threat visibility and mitigate the impact of attacks.
Source link: Australiancybersecuritymagazine.com.au.






