Ransomware Costs Manufacturing Sector $17bn In Downtime
Category

### #ManufacturingSecurity #RansomwareImpact #DataBreachTrends

Summary: Ransomware attacks have inflicted significant financial damage on the manufacturing sector, with estimated downtime losses reaching $17 billion since 2018. The resurgence of these attacks in 2023 highlights the urgent need for enhanced cybersecurity measures within the industry.

Threat Actor: LockBit | LockBit
Victim: Boeing | Boeing

Key Point :

  • Ransomware attacks on manufacturing have disrupted operations at 858 companies globally, costing an average of $1.9 million per day of downtime.
  • In 2023, there was a notable increase in ransomware incidents, with 194 confirmed cases compared to 109 in 2022, and over 43 million records breached in the manufacturing sector.
  • The average ransom demanded from manufacturers since 2018 is $10.7 million, with LockBit being a prominent threat actor in recent attacks.
  • Despite the high costs, only eight companies among the 858 confirmed cases disclosed ransom payments, with Boeing notably refusing a $200 million demand.
  • Experts predict that ransomware attacks in 2024 could match or exceed the levels seen in 2023, emphasizing the need for improved cybersecurity strategies.

Ransomware attacks on manufacturing companies have caused an estimated $17bn in downtime since 2018. According to new figures by Comparitech, these incidents have disrupted operations at 858 manufacturers worldwide, with each day of downtime costing an average of $1.9m.

This significant financial impact stems from the widespread disruption of ransomware attacks. Beyond halting production, they jeopardize customer orders, damage relationships and lead to prolonged recovery efforts.

Resurgence of Attacks in 2023

The data published by Comparitech today highlighted a resurgence in ransomware attacks in 2023, with 194 confirmed cases compared to 109 in 2022.

The manufacturing sector, in particular, saw a dramatic rise in data theft, as attackers breached 43.9 million records in 2023 – over 40 times more than in 2022. Notable breaches includeVF Corporation (35.5 million records) and PharMerica (5.8 million records).

Read more on the PharMerica breach: PharMerica Breach Hits Over 5.8 Million Customers

Despite this, ransom payment disclosures remain rare. Among 858 cases, only eight companies confirmed payments. Boeing notably refused to pay a$200m ransom in 2023, resulting in the public release of 43 GB of data.

The Cost of Downtime and Ransom Demands

The average downtime per attack is 11.6 days, though incidents range from hours to 129 days. Using the $1.9m daily downtime figure, researchers estimated that ransomware-induced downtime costs manufacturing companies billions annually. Notable recovery costs include:

The average ransom demanded of manufacturers since 2018 is $10.7m, with amounts ranging from $5,000 to $200m. LockBit, the ransomware strain responsible for the Boeing attack, has been a dominant player in recent years.

Sectors like transportation/automotive manufacturing (130 attacks) and food/beverage production (124 attacks) have been among the hardest hit.

Growing Threat in 2024

As of October 2024, 137 attacks have been confirmed during the year, with downtime averaging 11 days per incident. While the year is still unfolding, experts predict ransomware attacks could rival or surpass 2023 levels.

Ransomware attacks have exacted a staggering toll on the manufacturing industry, as evidenced by the downtime losses reported since 2018. This underscores the urgent need for companies to enhance cybersecurity and adopt strategies that minimize operational disruption in the event of an attack.

Source: https://www.infosecurity-magazine.com/news/ransomware-manufacturing-dollar17b