The manufacturing sector is more and more bearing the brunt of ransomware assaults, rating because the most-targeted sector in separate analyses from researchers at NordStellar, KELA, ZeroFox, GuidePoint Safety and Dragos.
The reason being easy, in accordance with specialists: Ransomware operators need to maximize reward whereas minimizing effort and danger. Briefly, producers are straightforward targets as a result of their extremely interconnected IT/operational know-how (OT) programs are constructed on susceptible legacy tools, and their low tolerance for manufacturing delays motivates them to pay to finish assaults. Simply over half of producing victims made ransom funds in 2025, in accordance with a current Sophos survey. The median quantity was $1 million, and 18% of funds had been $5 million or extra.
“Disruptions in manufacturing that end in shutting down manufacturing programs are extraordinarily expensive,” stated Paul Furtado, analyst at Gartner. He added that the interconnected nature of provide chains means a ransomware assault on one provider typically has cascading results on its companions, their companions and so forth — giving attackers further leverage and additional incentivizing victims to satisfy attackers’ calls for.
Take, for instance, the 2022 ransomware assault on one in all Toyota Motor Firm’s third-party suppliers. The incident at Kojima Industries — a producer of inside and exterior automotive elements, akin to steering wheel elements — in flip pressured Toyota to halt manufacturing throughout all 14 of its Japanese factories.
Motive and means: Helpful knowledge and susceptible infrastructure
If time is cash for a producer — with each second of downtime hurting the underside line — its knowledge are the crown jewels.
“Producers are guardians of commerce secrets and techniques,” Furtado stated, explaining that their proprietary engineering designs and manufacturing processes make them notably inclined to knowledge theft.
Sophos discovered that 40% of ransomware assaults on manufacturing organizations in 2025 resulted in knowledge encryption, 16% concerned encryption and knowledge theft, and one other 10% had been extortion-only ransomware assaults through which attackers stole producers’ knowledge and threatened to reveal it on-line. Extortion-only assaults in opposition to producers are rising, up from simply 3% the earlier yr.
From a technical perspective, the manufacturing sector is a simple goal as a result of its programs and industrial tools weren’t designed for the present period of IoT and IT/OT convergence. Whereas connecting legacy OT to enterprise IT programs has huge enterprise advantages, it additionally carries vital safety dangers. Forty-two % of producing organizations that Sophos surveyed stated unknown safety gaps contributed to their current ransomware assaults, and 41% cited insufficient safety protections.
“Due to an inherent belief that is been a staple of OT networking for therefore lengthy, when you cross from IT into OT, you typically have a lot broader entry to programs than you’ll in a mature IT safety setting,” stated Paddy Harrington, analyst at Forrester. “An attacker simply has to search out their means throughout the bridge, if you’ll, and the doorways are sometimes broad open.”
For attackers, manufacturing is a low-risk goal
Though ransomware gangs additionally repeatedly goal different vital infrastructure sectors, together with power, healthcare, telecom and transportation, “manufacturing leads by a mile,” in accordance with Harrington.
That is partly as a result of non-nation-state operators need cash, not bother. And whereas producers deal in materials items, different vital infrastructure sectors have inherently increased stakes.
Assaults on power companies and healthcare suppliers, for instance, might end in lack of life — which might, in flip, invite heightened legislation enforcement scrutiny and public ire. And that, Harrington added, is dangerous for enterprise. “You have simply painted a giant goal on your self for legislation enforcement and even navy motion, and so they’ll actively hunt you,” he stated.
How producers can mitigate ransomware danger
Harrington stated he has seen rising curiosity amongst manufacturing companies in bettering OT safety, from primary asset discovery to extra refined methods akin to the next:
- Danger posture administration.
- Community segmentation.
- Safe distant entry for OEM companions.
- Menace detection and response.
- Endpoint safety instruments, akin to endpoint safety platforms, endpoint detection and response, and prolonged detection and response.
“Corporations are getting pushback from the OEMs in the event that they try to use something apart from a pair sanctioned options,” Harrington stated. However, he added, as duty for OT safety more and more shifts to CISOs, they want higher instruments to adequately handle ransomware danger.
Alissa Irei is senior web site editor of Informa TechTarget Safety.
