<p>The manufacturing sector is increasingly bearing the brunt of ransomware attacks, ranking as the most-targeted sector in separate analyses from researchers at <a target=”_blank” href=”https://nordstellar.com/blog/ransomware-statistics/” rel=”noopener”>NordStellar</a>, <a target=”_blank” href=”https://8726485.fs1.hubspotusercontent-na1.net/hubfs/8726485/Reports/KELA%20Report%20-%20National%20Cybersecurity%20Report%20Ransomware.pdf” rel=”noopener”>KELA</a>, <a target=”_blank” href=”https://get.zerofox.com/rs/143-DHV-007/images/ZeroFox-2025-Ransomware-Wrap-Up-Report.pdf?version=1″ rel=”noopener”>ZeroFox</a>, <a target=”_blank” href=”https://www.guidepointsecurity.com/resources/grit-2026-ransomware-and-cyber-threat-report/” rel=”noopener”>GuidePoint Security</a> and <a target=”_blank” href=”https://www.dragos.com/resources/press-release/dragos-2026-year-in-review-new-ot-threats-ransomware” rel=”noopener”>Dragos</a>.</p>
<p>The reason is simple, according to experts: Ransomware operators want to maximize reward while minimizing effort and risk. In short, manufacturers are easy targets because their highly interconnected IT/operational technology (OT) systems are built on vulnerable legacy equipment, and their low tolerance for production delays motivates them to pay to end attacks. Just over half of manufacturing victims made ransom payments in 2025, according to a recent <a target=”_blank” href=”https://www.sophos.com/en-us/blog/the-state-of-ransomware-in-manufacturing-and-production-2025″ rel=”noopener”>Sophos survey</a>. The median amount was $1 million, and 18% of payments were $5 million or more.</p>
<p>”Disruptions in manufacturing that result in shutting down production systems are extremely costly,” said Paul Furtado, analyst at Gartner. He added that the interconnected nature of supply chains means a ransomware attack on one supplier often has cascading effects on its partners, their partners and so on — giving attackers additional leverage and further incentivizing victims to meet attackers’ demands.</p>
<p>Take, for example, the 2022 ransomware attack on one of Toyota Motor Company’s third-party suppliers. The incident at Kojima Industries — a manufacturer of interior and exterior automotive components, such as steering wheel parts — in turn <a target=”_blank” href=”https://www.darkreading.com/cyberattacks-data-breaches/toyota-halts-production-after-suspected-supply-chain-attack” rel=”noopener”>forced Toyota to halt production across all 14 of its Japanese factories</a>.</p>
<section class=”section main-article-chapter” data-menu-title=”Motive and means: Valuable data and vulnerable infrastructure”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Motive and means: Valuable data and vulnerable infrastructure</h2>
<p>If time is money for a manufacturer — with every moment of downtime hurting the bottom line — its data are the crown jewels.</p>
<p>”Manufacturers are guardians of trade secrets,” Furtado said, explaining that their proprietary engineering designs and production processes make them particularly susceptible to data theft.</p>
<p>Sophos found that 40% of ransomware attacks on manufacturing organizations in 2025 resulted in data encryption, 16% involved encryption and data theft, and another 10% were extortion-only ransomware attacks in which attackers stole manufacturers’ data and threatened to expose it online. Extortion-only attacks against manufacturers are rising, up from just 3% the previous year.</p>
<p>From a technical perspective, the manufacturing sector is an easy target because its systems and industrial equipment were not designed for the current era of IoT and <a href=”https://www.techtarget.com/searchitoperations/definition/IT-OT-convergence”>IT/OT convergence</a>. While connecting legacy OT to enterprise IT systems has <a href=”https://www.techtarget.com/iotagenda/tip/5-benefits-and-challenges-of-IT-OT-convergence”>enormous business benefits</a>, it also carries <a href=”https://www.techtarget.com/searchsecurity/tip/Top-OT-threats-and-security-challenges”>significant security risks</a>. Forty-two percent of manufacturing organizations that Sophos surveyed said unknown security gaps contributed to their recent ransomware attacks, and 41% cited inadequate security protections.</p>
<p>”Because of an inherent trust that’s been a staple of OT networking for so long, once you cross from IT into OT, you often have much broader access to systems than you would in a mature IT security environment,” said Paddy Harrington, analyst at Forrester. “An attacker just has to find their way across the bridge, if you will, and the doors are often wide open.”</p>
</section>
<section class=”section
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: