Manufacturing firms face ransomware attack as hackers encrypt data

Manufacturing is emerging as one of the most exposed sectors to ransomware attacks, a report published on Tuesday by cyber security firm Sophos noted. According to its “State of Ransomware in Manufacturing and Production 2023” report, which polled 3,000 IT/cybersecurity leaders in large and mid-sized enterprises, more than two-thirds (68%) of these firms have been hit by ransomware attacks globally had their data encrypted by hackers. This is the highest reported encryption rate for the sector over the past three years, noted Sophos, indicating that attackers are frequently succeeding in encryption data.

While, the percentage of manufacturing firms using backups to recover data has gone up, with 73% of the manufacturing companies surveyed using backups this year versus 58% in the previous year, the sector still has one of the lowest data recovery rates, said the study. For example, in 2022, 67% of manufacturing organisations recovered within a week, while 33% recovered in more than a week. That said, use of backup alone does not guarantee a faster recovery,

“With 77% of manufacturing organisations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response,” John Shier, field CTO, Sophos, said.

This extended recovery is negatively impacting IT teams, showed the survey, where 69% said that addressing security incidents is too much time consuming and 66% mentioned they are unable to work on other projects as well.

Encryption is often less effective if the cryptographic keys that encrypt and decrypt the data are not secure. Malicious actors often concentrate their attacks on obtaining an organisation’s encryption keys, said Yogesh Zope, chief information officer (CIO) and chief digital officer (CDO) at forging company Bharat Forge. He noted that it requires new approaches to security in the era of smart manufacturing, and emphasised on a robust security solution like an endpoint detection and response (EDR) system.

O.A. Balasubramaniam, Director IT - electric horn manufacturer Roots Group of Companies, also said that manufacturing organisations should invest in cyber security management programmes including threat intelligence, vulnerability assessment, etc. that extend across their IT and OT networks.

The study also found that the proportion of manufacturing organisations paying higher ransoms has increased since last year. Notably, 40% paid a ransom between $100,000 and $999,999 in 2022 compared to 29% who paid this amount in 2021.

Apparently, if organisations pay the ransom, the cybercriminals will give them decryption tools and retract the threat of exposing sensitive data. However, Vishak Raman, vice president for sales in India, SAARC and Southeast Asia, noted, payment doesn't always guarantee that all the data will be restored. From an organisation's perspective paying the ransom to recover the lost information might look like the easiest alternative. But paying ransom means we are aiding the attackers' business model, which will only lead to more ransomware.

According to research firm Gartner, on average, only 65% of the data is recovered, and only 8% of organisations manage to recover all data.