Connect with us

Hi, what are you looking for?


Manufacturing, production companies hit by ransomware are least likely to pay ransom – Sophos

The average ransomware recovery cost was $1.52 million, less than the global average of $1.85 million.

Photo by Adi Goldstein from

Sophos, a global leader in next-generation cybersecurity, published a new sectoral survey report, “The State of Ransomware in Manufacturing and Production 2021,” that reveals companies in this sector were the least likely (at 19%) to submit to a ransom demand to have encrypted files restored and the most likely (at 68%) to be able to restore data from backups.

The practice of backing up data could be a reason why this sector was also the most affected by extortion-based ransomware attacks, a pressure technique where attackers don’t encrypt files, but rather threaten to leak stolen information online if a ransom demand isn’t paid. The survey studied the extent and impact of ransomware attacks during 2020.

The ransomware findings for the manufacturing and production sector include:

Advertisement. Scroll to continue reading.
  • 36% of the businesses surveyed were hit by ransomware in 2020
  • 9% of ransomware victims were hit with extortion-based ransomware attacks, compared to a global average of 7%
  • The average ransomware recovery cost was $1.52 million, less than the global average of $1.85 million 

“The sector’s high ability to restore data from backups enables many companies to refuse attacker demands for payment in the case of traditional, encryption-based ransomware attacks,” said Chester Wisniewski, principal research scientist at Sophos. “However, it also means that adversaries are forced to find other approaches to make money from victims, such as stealing data and threatening to leak company information if their financial demands aren’t met. Backups are vital, but they cannot protect against this risk, so manufacturing and production businesses should not rely on them as an anti-extortion defense. Organizations need to extend their anti-ransomware defenses by combining technology with human-led threat hunting to neutralize today’s advanced human-led cyberattacks.”

The findings also show that manufacturing and production companies worry more than any other sector about being attacked with ransomware in the future. Sixty percent of respondents said this is because attacks are so sophisticated, they have become harder to stop. Forty-six percent believe that since ransomware is so prevalent, it is inevitable they’ll get hit by cybercrime.

In the light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:

  1. Assume the organization will be hit. Ransomware remains highly prevalent. No sector, country, or organization size is immune from the risk. It’s better to be prepared and not be hit than the other way round.
  2. Make frequent backups. Routine backups are the number one method organizations use to get their data back after an attack. Even if organizations pay the ransom, attackers rarely return all of the data, so backups are essential either way. Aim for an approach that involves at least three different copies, using at least two different backup systems, and with at least one copy stored offline and preferably offsite.
  3. Deploy layered protection. In the face of the considerable increase in extortion-based attacks, it is more important than ever to keep the adversaries out of the network in the first place. Use layered protection to block attackers at as many points as possible across an entire estate. 
  4. Combine human experts and anti-ransomware technology. The key to stopping ransomware is defense in depth that combines dedicated anti-ransomware technology and human-led threat hunting. Technology provides scale and automation, while human experts are best able to detect the telltale tactics, techniques and procedures that indicate when a skilled attacker is attempting to break in. To bolster in-house skills, enlist the support of a specialist cybersecurity company. Security Operations Centers (SOCs) are now realistic options for organizations of all sizes.
  5. Don’t pay the ransom, if this is an option. Independent of any ethical considerations, paying the ransom is an ineffective way to get data back. Sophos research shows that after a ransom is paid adversaries will restore, on average, only two-thirds of the encrypted files.
  6. Have a malware recovery plan and continuously test and update it. The best way to stop a cyberattack from turning into a full breach is to prepare in advance. Organizations that fall victim to an attack often realize they could have avoided a lot of cost, pain and disruption, if they had an incident response plan in place.


Like Us On Facebook

You May Also Like


Today, the App Store stands at the forefront of app distribution, setting the standard for security, reliability, and user experience.


Kaspersky has detected and blocked over 13 million web threats from its security solutions for businesses in Southeast Asia (SEA). Historical data from the...


Kaspersky has been at the forefront of raising awareness about cybercrimes and empowering individuals and organizations to protect themselves.


“We remind our customers to carefully inspect URLs before opening them. Criminals often use spellings very close to legitimate domains to deceive customers into...


For the Philippines, PH-CERT and NADPOP estimate that the country needs 180,000 trained and validated cybersecurity professionals to proactively and effectively protect the country’s...

White Papers

46% of geo-distributed companies encountered network problems between one and three times per month, while 13% stated they experienced network challenges every week. The...


“Data is the new oil. Cyber criminals steal personal information to defraud you or use your identity to victimize people close to you. Guard...

White Papers

According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government...