Basic cybersecurity measures, such as using advanced multi-factor authentication systems

Sophos, a leader in security solutions, has unveiled new insights from its State of Ransomware in Manufacturing and Production 2025 report. A significant highlight from the findings is the changing landscape of ransomware attacks on the manufacturing sector. While encryption rates have notably decreased, adversaries are choosing alternative tactics, such as data theft and extortion.

The report, based on a survey of 332 manufacturing organisations impacted by ransomware, exposes several concerning trends:

Decline in Encryption: 40% of attacks resulted in data encryption, the lowest in five years, compared to 74% previously. However, extortion-only attacks, predicated on stolen data, rose to 10% from 3% in the prior year.

Persistent Data Theft: Among manufacturers experiencing encryption, 39% also suffered data theft, marking a high incidence across surveyed sectors.

Improved Deterrent Capabilities: An encouraging 50% of manufacturing entities thwarted attacks before encryption occurred, up from 24% last year.

Skills and Protection Gaps: Lack of expertise and unrecognised security weaknesses contribute significantly to vulnerabilities, as identified by 42.5% and 41.6% of organisations respectively.

Ransom Payments Remain High: Despite progress, 51% of impacted firms succumbed to paying the ransom, with a median payment of $1 million.

Quicker Recoveries: Recovery costs have reduced, averaging $1.3 million, with 58% of organisations recovering fully within a week—up from 44%.

Impact on Teams: Post-incident, 47% reported heightened stress within IT and security teams, while 44% faced increased leadership pressure.

Using simple measures

Basic cybersecurity measures, such as using advanced multi-factor authentication systems, anti-virus software to protect a collection of devices instead of just one device, the deletion of unnecessary cache and cookies, as well as user and employee data from time to time to secure confidential data and prevent unnecessary clutter.

The software and hardware in place to ensure cyber-protection must be authentic certified for use and updated regularly. Simple measures and using data security tools and systems that are designed for remotely connected devices can come in handy to ensure endpoint data security for users. Gajshield’s data security products and services can help with proactive endpoint data protection for your devices.

Therefore, investing in data backups is a prudent decision, as it ensures prompt response upon detection and reduces the time required for business recovery.

It is important to note that paying a ransom does not guarantee the receipt of a decryption key. Furthermore, hackers may repeatedly target the same organization throughout the year. In double extortion attacks, paying the ransom does not guarantee the deletion of stolen data from the criminals’ servers.

By - Aaradhay Sharma