Sophos has published a new sectoral survey report, “The State of Ransomware in Manufacturing and Production 2021,” that reveals companies in this sector were the least likely (at 19%) to submit to a ransom demand to have encrypted files restored and the most likely (at 68%) to be able to restore data from backups.
The practice of backing up data could be a reason why this sector was also the most affected by extortion-based ransomware attacks, a pressure technique where attackers don’t encrypt files, but rather threaten to leak stolen information online if a ransom demand isn’t paid. The survey studied the extent and impact of ransomware attacks during 2020.
The ransomware findings for the manufacturing and production sector include:
“The sector’s high ability to restore data from backups enables many companies to refuse attacker demands for payment in the case of traditional, encryption-based ransomware attacks,” said Chester Wisniewski, principal research scientist at Sophos. “However, it also means that adversaries are forced to find other approaches to make money from victims, such as stealing data and threatening to leak company information if their financial demands aren’t met. Backups are vital, but they cannot protect against this risk, so manufacturing and production businesses should not rely on them as an anti-extortion defense. Organizations need to extend their anti-ransomware defenses by combining technology with human-led threat hunting to neutralize today’s advanced human-led cyberattacks.”
The findings also show that manufacturing and production companies worry more than any other sector about being attacked with ransomware in the future. Sixty percent of respondents said this is because attacks are so sophisticated, they have become harder to stop. Forty-six percent believe that since ransomware is so prevalent, it is inevitable they’ll get hit by the cybercrime.
In the light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors: