Companies in the manufacturing and production sector are the least likely (at 19%) to submit to a ransom demand to have encrypted files restored and the most likely (at 68%) to be able to restore data from backups. This is according to the “The State of Ransomware in Manufacturing and Production 2021,” report released by Sophos on Monday.
The practice of backing up data could be a reason why this sector was also the most affected by extortion-based ransomware attacks, a pressure technique where attackers don’t encrypt files, but rather threaten to leak stolen information online if a ransom demand isn’t paid. The survey studied the extent and impact of ransomware attacks during 2020.
The ransomware findings for the manufacturing and production sector include: 36% of the businesses surveyed were hit by ransomware in 2020, 9% of ransomware victims were hit with extortion-based ransomware attacks, compared to a global average of 7% and the average ransomware recovery cost was $1.52 million, less than the global average of $1.85 million
“The sector’s high ability to restore data from backups enables many companies to refuse attacker demands for payment in the case of traditional, encryption-based ransomware attacks,” said Chester Wisniewski, principal research scientist at Sophos.
“However, it also means that adversaries are forced to find other approaches to make money from victims, such as stealing data and threatening to leak company information if their financial demands aren’t met. Backups are vital, but they cannot protect against this risk, so manufacturing and production businesses should not rely on them as an anti-extortion defense. Organizations need to extend their anti-ransomware defenses by combining technology with human-led threat hunting to neutralize today’s advanced human-led cyberattacks.”
The findings also show that manufacturing and production companies worry more than any other sector about being attacked with ransomware in the future. Sixty percent of respondents said this is because attacks are so sophisticated, they have become harder to stop. Forty-six percent believe that since ransomware is so prevalent, it is inevitable they’ll get hit by the cybercrime.
The repoort survey polled 5,400 people working in a leadership role in IT, including 438 in manufacturing and production companies, in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa. It is available for download here.