Ransomware Strikes Manufacturers: Growing Threats to IP and Downtime
The manufacturing industry has found itself on the front lines of a relentless and escalating battle against ransomware attacks in recent years. These attacks target manufacturers of all sizes and no longer stop at data encryption. While causing downtime through operational and manufacturing disruption remains the most impactful way for threat actors to secure ransom payments, it is not their only tactic.
Hackers are now holding intellectual property (IP) for ransom, and sensitive data theft has become increasingly common, which is especially problematic for manufacturers such as pharmaceutical companies that hold healthcare records. Additionally, double extortion tactics are on the rise, as cybercriminals increase the pressure on organizations to pay a ransom.
News headlines often focus on multimillion-dollar ransom demands made against enterprises, such as REvil’s $50 million demands from Acer and Quanta Computer Inc., and a $25 million demand from Pierre Fabre. However, that doesn’t mean SMB manufacturers are in the clear; quite the opposite is true. In 2022, the average ransom demand in the industry was $8.8 million, an amount high enough to easily force an SMB to shutter its operations.
Alarming Statistics Show a Stark Reality
Ransomware attacks are rampant across all industries, and the proliferation of Ransomware as a Service (RaaS) providers, such as DarkSide, REvil, and Ryuk, means even novice hackers can launch complex attacks.
A recent report by Sophos unveiled some startling statistics specific to the manufacturing industry. Between January and March 2023, 56% of manufacturing companies were targeted with ransomware attacks, marking a significant increase from 2021, when only 36% reported such incidents.
Of those attacked, 68% had their data encrypted, while 32% fell victim to double extortion. Even more concerning is that only 27% of businesses managed to thwart the attack before their data was encrypted, highlighting the severity of the challenge and the sophistication of newer attacks.
The Cyber Resilience Act
To address an intensifying threat landscape, governments have continued to develop legislation designed to help businesses strengthen their security posture and protect consumers. For example, the Cyber Resilience Act (CRA) is a European Union (EU) regulation that establishes cybersecurity requirements for devices and software sold in the EU. Its goal is to improve the cybersecurity of products with digital elements by requiring manufacturers to implement cybersecurity measures, including:
- Designing and developing products with security in mind from the outset
- Testing products for vulnerabilities and patching them promptly
- Providing security updates to customers throughout the product’s lifecycle
- Reporting serious vulnerabilities to the relevant authorities
Manufacturers: Prime Targets, Devastating Consequences
Manufacturing businesses are attractive targets for cybercriminals for several compelling reasons. Threat actors know that many businesses in the industry use outdated and unpatched systems, making them vulnerable to attacks. Manufacturers also play a pivotal role in supply chains, and many have established data-sharing policies with others to streamline operations; however, this makes them an ideal entry point for hackers looking to launch more extensive and lucrative supply chain attacks.
Manufacturing businesses hold valuable data, including IP, product designs, trade secrets, and customer information, all of which can be held for ransom; if hackers expose any of that information, it can damage the company’s competitive advantage or reputation.
The physical consequences of a ransomware attack on machinery and production facilities can be catastrophic, leading to repair costs and significant downtime. Comparitech’s research found that 2021 ransomware attacks caused an average downtime of 6.4 days. However, in 2022, the average skyrocketed to 12.2 days, likely due to increasingly complex attacks that are harder to identify and mitigate.
Recognizing that manufacturers cannot afford to be offline, hackers exploit this vulnerability, demanding heftier ransoms. In 2023, the cost of ransomware payments surged, with 40% paying between $100,000 and $999,999, compared to 29% in 2022, and 20% paying $1 million or more, compared to just 8% the previous year.
Safeguarding Manufacturing Businesses Against Ransomware Attacks
The most common root causes of ransomware attacks in manufacturing are malicious emails (41%) and compromised credentials (27%). However, those attack vectors and many others can be eliminated by taking a proactive approach to cybersecurity.
Fortifying defenses and mitigating risks come down to adhering to best practices, including:
- Employee Training: Invest in regular cybersecurity awareness training to educate employees about the dangers of phishing emails and the importance of strong, unique passwords.
- Strong Authentication: Implement multi-factor authentication (MFA) to protect against compromised credentials.
- Regular Backups: Maintain up-to-date and offline backups of critical data to ensure a quick recovery in case of an attack.
- Patch Management and Backdoors: Keep software and systems updated with the latest security patches and take steps to prevent unconventional backdoors.
- Network Segmentation: Segment your network to limit lateral movement for attackers, preventing them from easily accessing sensitive data.
- Incident Response Plan: Develop a comprehensive incident response plan that includes steps for identifying, containing, and recovering from a ransomware attack.
- 24/7 Monitoring and Detection: It’s essential to have 24/7 monitoring in place and a Security Operations Center (SOC)-backed Incident Response (IR) team that can correlate seemingly unrelated events to identify patterns and potential security incidents before they escalate. However, not all SOCs possess the specialized industry-specific knowledge required. It’s crucial for manufacturing businesses to partner with a SOC like CYREBRO that understands the unique challenges of the manufacturing sector and has the necessary experience to support their security efforts.
The rising tide of ransomware attacks against manufacturing companies poses a severe threat to their operations and intellectual property. With the financial stakes higher than ever, manufacturers must take proactive steps to bolster their cybersecurity defenses. Manufacturers can navigate these treacherous waters by prioritizing cybersecurity, implementing robust prevention measures, and finding a reliable managed detection and response (MDR) solution to protect their invaluable assets from the grasp of threat actors. The time to act is now, as the ransomware threat shows no signs of abating.