Manufacturing and Production Industry is Fighting a 41% Increase in Ransomware Attacks over Four Years
By Sandra Lee, Managing Director of Southeast Asia and Korea, Sophos
Wrapping up the first half of 2024, the Asia-Pacific region (APAC) is set to be the fastest-growing region of the world economy¹. It accounted for more than half of global GDP growth, with the manufacturing industry becoming one of the key drivers over the years², paving the way for APAC to be the world’s manufacturing and production hub.
However, the industry sets an unwelcome record in Sophos’ latest report: the highest growth in the percentage of organisations hit by ransomware in 2023, underscoring the potential risk to the global production chain.
Unlike the other industries, which recorded a decrease in attacks last year, manufacturing and production is one of only three sectors with an increased attack rate (+9%), the others being healthcare (+7%) and financial services (+1%). A concerning 65% of organisations reported they were hit by ransomware last year, a notable increase over the previous years since 2020 (24% in 2020).
A majority (93%) of manufacturing organisations hit by ransomware in the past year claimed that cybercriminals attempted to compromise their backups during the attack. Of these backup compromise attempts, 53% were successful.
Additionally, three out of four ransomware attacks on manufacturing organizations (74%) resulted in data encryption, the highest encryption rate for the sector in the last five years and above the cross-sector average of 70% in 2024.
Although most organisations hit by ransomware were able to identify the root cause of the attack, with exploited vulnerabilities, compromised credentials and malicious e-mails identified as root causes, some organizations are still failing to implement key security measures that can demonstrably reduce their overall risk profile, resulting in a higher attack recovery cost. In 2024, manufacturing organizations reported a mean cost of $1.67M to recover from a ransomware attack, an increase from the $1.08M reported in 2023.
Majority of Victims Acquiesce and Pay Ransoms
Compounding the recovery costs, disrupted operations can lead to staggering financial losses. On average, 44% of computers in manufacturing and production are experiencing disruption from ransomware attacks. To prevent further revenue losses, manufacturers are desperate to get their data back as quickly as possible and are often willing to pay the ransoms demanded.
Over the last year, there has been an increase in the propensity for victims to use multiple
approaches to recover encrypted data (e.g. paying the ransom and using backups). This time
around, almost half of manufacturing organisations (45%) that had data encrypted reported
using more than one method, more than double the rate reported in 2023 (19%).
While 58% in manufacturing restored encrypted data using backups, 62% paid the ransom to
get data back.
Respondents who paid the ransom shared the actual sum paid, revealing that the average
(median) payment has increased by 167% over the last year, from $450,000 to $1.2M.
Although ransom payments have increased, only 27% of manufacturing victims said that their
payment matched the original request. Approximately 65% paid less than the original demand,
while only 8% paid more.
The increase in both the number of victims and their inability to detect and respond quickly
enough to prevent ransomware attacks is a significant concern. Criminals are very aware of
their success rates amongst different sectors and it is anticipated that they could begin
targeting manufacturers alongside healthcare and schools.
It will be essential for organisations in manufacturing sectors and adjacent industries to focus considerable time and effort on detecting and responding to hands-on-keyboard attacks and threats.