
Manufacturing organizations are becoming increasingly effective at stopping ransomware attacks before data can be encrypted, yet cybercriminals are countering these defenses by pivoting to data theft and “extortion-only” tactics, according to a new report by Sophos.
The State of Ransomware in Manufacturing and Production 2025 report reveals that while the sector has achieved its lowest data encryption rate in five years, the financial stakes remain perilously high.
The study found that 50 percent of manufacturing organizations successfully stopped attacks before encryption could occur, more than double the rate from the previous year (24 percent). Consequently, only 40 percent of attacks resulted in data encryption, a significant drop from 74 percent in 2024.
However, adversaries are adapting. The report highlights a surge in “extortion-only” attacks, where criminals steal data and threaten to leak it without encrypting files, which rose from 3 percent to 10 percent. Furthermore, 39 percent of manufacturers that did experience encryption also had their data stolen, giving attackers double leverage.
“Manufacturing depends on interconnected systems where even brief downtime can stop production and ripple across supply chains,” said Alexandra Rose, Director of Threat Research at Sophos. “Attackers exploit this pressure: despite encryption rates falling to 40%, the median ransom paid still reached $1 million.”
Despite improved defenses, the report indicates that 51 percent of organizations with encrypted data still paid the ransom to recover access. The median ransom payment stood at $1 million, slightly lower than the median demand of $1.2 million.
However, there is a silver lining regarding recovery costs. The average cost to recover from an attack (excluding the ransom payment) declined by 24 percent to $1.3 million. Recovery speeds also improved, with 58 percent of manufacturers fully recovering within one week.
The report identifies a lack of internal expertise (42.5 percent) and unknown security gaps (41.6 percent) as the primary fuel for these attacks.
Sophos X-Ops also identified the most prominent threat groups targeting the sector over the last year as Akira, Qilin, and PLAY.
“Layered defenses, continuous visibility, and well-rehearsed response plans are essential to reduce both operational impact and financial risk,” added Rose.




