The State of Ransomware in the Manufacturing Sector

How many ransomware attacks did the Manufacturing Sector suffer in 2021? According to research, 21% of ransomware attacks targeted manufacturing organizations in 2020, and it was a similar story in 2021. 

Six in 10 manufacturing organizations went on to say that they were struggling to defend against ransomware attacks due to their growing sophistication. At the same time, just under half (46%) noted that they were likely to get hit at some point by ransomware.

The Impact of Ransomware on Manufacturing Organizations

In our recent ransomware report, Ransomware: The True Cost to Business, we spoke to manufacturing organizations about the impact that a successful ransomware attack had left on their business. About half of those entities said they had lost revenue in the attack. Meanwhile, nearly three in 10 respondents in the sector indicated that they had laid off employees following the infection.

Even so, manufacturing organizations stood out for their ability to respond to a ransomware attack once it occurred. Even if encryption was successful, just one in five of those entities ultimately submitted to the ransom demand (compared to the global average of 32%). Driving this finding is the fact that two-thirds of manufacturing respondents were able to restore their encrypted data using backups. 

Key Ransomware Challenges Confronting Manufacturing

One of the most significant challenges confronting the manufacturing sector is that organizations look to the Industrial Internet of Things (IIoT) to drive insights into their Operational Technology (OT). The challenge here is that many of those OT assets are decades-old legacy systems that might not support receiving updates remotely. 

Attackers understand this point. Subsequently, they can target IIoT devices and use their connectivity to pivot to the industrial systems themselves. They can then exploit flaws in those systems to undermine their functionality and potentially disrupt critical industrial processes.

The IT-OT convergence isn’t the only security hurdle for the manufacturing industry. Industry Today pointed out that supply chains everywhere, including those for manufacturing organizations, are growing in their complexity and interconnectedness, for example. This creates gaps through which an attacker can leverage a compromise against an industrial supplier to infiltrate the networks of manufacturing organizations and other customers.

The issue is that there’s a lack of a standardized approach for handling cybersecurity in the manufacturing space. According to Industry Today, there’s no uniform methodology for conducting risk assessments and implementing monitoring capabilities without affecting operations.. Within that variability, organizations are left on their own to figure out best practices, align them with their security requirements, measure their effectiveness, and make appropriate changes.

Some choose not to implement proactive security capabilities in response. In a study conducted by Deloitte, few manufacturing organizations said that they had implemented monitoring tools in their OT environments. In contrast, fewer than half said they had performed a cybersecurity assessment of their OT assets in the past six months. 

This could be due to a lack of awareness of emerging threats and how to move forward with implementing security measures. It's also impossible to rule out a false sense of security at some organizations, noted Deloitte.

Preparing for Ransomware Attacks

First, manufacturing organizations need to clearly define the roles and responsibilities of OT and IT teams. They can then use that understanding to promote cultural exchanges through which personnel can share success stories, priorities, and challenges. IT and OT teams can build more robust collaboration channels over security threats in the process.

Second, organizations in the manufacturing sector need to focus on obtaining visibility over their assets. Per Industry Today, they need to make sure that they don’t confine these efforts to the core network only. They also need to take IIoT, software-defined wide-area networking (SD-WAN), and other new technologies into account. Otherwise, they could leave themselves exposed to an attack.

Leveraging Artificial Intelligence to Defeat Ransomware

Organizations are turning to Extended Detection and Response (XDR) solutions powered by Artificial Intelligence (AI) and Machine Learning (ML) to enable their security teams to automate triage, investigation, and remediation efforts at scale to detect RansomOps at the earliest stages of an attack.

AI/ML-driven XDR can enable security teams to cut through the noise introduced by a constant flood of threat alerts, allowing security professionals to spend less time sifting through alerts and chasing false positives and more time working to improve the organization's overall security posture.

The advantage here is in automating the detection of events that usually require human analysis and relieving security teams of the inefficient task of sorting the signal from the noise on the network. AI will enhance the efficiency of every asset of the security team and amplify the efficacy of the entire security stack.

AI/ML is critical to automating correlations by analyzing data at a rate of millions of events per second, so instead of manually querying data, analysts can spend more time acting on the insights produced by AI/ML across disparate assets on the network.

AI-driven XDR allows analysts to quickly identify malicious chains of behavior, never before seen malware variants, and detect complex RansomOps attack sequences earlier to swiftly remediate known and unknown threats regardless of where they occur in an organization’s environment. Such visibility enables security teams to respond to an event before it becomes a major security issue and introduce measures designed to increase the burden on attackers.



Cybereason is dedicated to teaming with Defenders to end ransomware attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about Cybereason AI-driven XDR here, browse our ransomware defense resources, or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Anthony M. Freed
About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

All Posts by Anthony M. Freed