Report: Manufacturing bears the brunt of industrial ransomware

The ransomware variant LockBit is responsible for 25% of ransomware incidents affecting industrial systems tracked by cybersecurity firm Dragos.
Large production line with industrial robot arms. (Getty Images)

Manufacturing continues to be the industrial sector hardest hit by ransomware, according to a new report by industrial cybersecurity firm Dragos.

The firm’s year-in-review reported more than 900 ransomware incidents hitting industrial organizations last year, a dramatic increase compared to 2022. Industrial organizations are often targeted both because of lax defenses and the significant costs incurred by any impact to operations — making the sector a ripe target for digital extortion.

“We saw about a 50% increase for the previous year in the number of ransomware attacks on industrial organizations,” Robert M. Lee, the CEO and founder of Dragos, told reporters ahead of the report’s release.

The vast majority of those incidents were in the manufacturing sector. Out of 905 ransomware incidents Dragos tracked, 638, or 70%, affected the manufacturing sector.


One of the main reasons that the manufacturing sector is so heavily targeted is because it adopted digitization at a much quicker pace compared to, for example, the water and wastewater or transportation sectors. But Lee was quick to point out that other industrial sectors are catching up to the broad digital footprint – and potential access points – of the manufacturing sector.

“The manufacturing industry really went through that quote unquote, digital transformation and connectivity very quickly. As a result of not investing in IoT security when they did that, we’re seeing a lot of ransomware cases, a lot of activists, criminals, etc., disrupting manufacturing,” Lee said. “Far more than gets reported publicly.”

The manufacturing sector, Lee said, still struggles with segmenting networks like those that deal with human resources from operational technology networks that control operations, which can allow a hacker broad access to the organization.

However, that trend is spreading to other sectors, such as water and wastewater, Lee warned. He expects an increase of ransomware attacks on water and other utilities as digitization becomes more common.

“As we become more connected” and “more reliant on automation and digital infrastructure,” and if we do not improve the security of operational technology, “we will start to see more and more disruption,” Lee said.


Meanwhile, criminal hackers are continuing to hold industrial organizations at ransom. LockBit was the most used ransomware variant observed by Dragos last year, hitting 222 industrial organizations and accounting for a fourth of all ransomware incidents the firm tracked. ALPHV and BlackBasta both hit around 80 industrial organizations, based on Dragos tracking, and made up around 9% of total ransomware incidents.

In the past week, ALPHV has claimed a series of attacks on energy utilities, including SerCide in Spain, the Wyoming utility Lower Valley Energy, and Canada’s Trans-Northern Pipelines. While none of those incidents appeared to have impacted operations, not all utilities will be so lucky.

A recent report by the Government Accountability Office noted that many of the agencies in charge of protecting manufacturing, energy, health care and transportation sectors from cyberattacks are largely unaware of whether companies in the sectors they oversee have implemented protections against ransomware.

Latest Podcasts