Arctic Wolf
Manufacturing industry: top target of ransomware attacks
Ransomware tactics continue to evolve, targeting industries with low tolerance for downtime. Artic Wolf publishes figures on this.
Cybercriminals are adapting their methods to bypass defenders' security measures: They are increasingly relying on data theft in ransomware attacks instead of just encrypting data and are refining BEC scams to infiltrate companies worldwide. The industrial sector is particularly affected.
Arctic Wolf publishes its annual Threat Report, which is based on threat, malware, digital forensics and incident response case data. It shows global threat trends and provides strategic cybersecurity recommendations for the year 2025.
Ransomware attacks: Manufacturing industry hardest hit
Despite increased law enforcement, ransomware attacks account for the largest proportion of recorded IR cases at 44%. Cyber criminals almost always rely on data exfiltration in their attacks. In 96% of the ransomware cases analyzed, the attackers stole data. The perpetrators can then resell the captured data or threaten the company with the publication of customer or other sensitive business data.
At almost 19%, the manufacturing industry accounts for the largest share of recorded ransomware IR cases. The manufacturing industry has traditionally been a particularly attractive target for cybercriminals: on the one hand, there are multiple supply chain interdependencies and a potentially large attack surface; on the other hand, manufacturers are under pressure to minimize downtime. Manufacturers often have valuable information about industrial processes and customers, which makes them vulnerable to data extortion.
The average ransom demand is USD 600,000, similar to the previous year - a lucrative business for cyber criminals. At the same time, the evaluations have shown that victim companies can significantly reduce the amounts demanded with the help of professional ransom negotiators.
"Ransomware groups have evolved their business model: even if there is a good back-up strategy in place, the threat of publishing or reselling stolen customer and business data puts companies under massive pressure - often with devastating financial and reputational consequences," explains Dr. Sebastian Schmerl, Regional Vice President Security Services EMEA at Arctic Wolf. "This tactic renders traditional back-ups ineffective as the sole means of protection. Companies must therefore increasingly rely on comprehensive threat detection, zero-trust strategies and proactive security operations approaches to identify attacks at an early stage and prevent data leaks."
BEC: Attackers follow the money
Business Email Compromise (BEC) is a special form of email phishing in which attackers attempt to persuade companies to transfer money or hand over confidential data - for example through account compromise or CEO fraud. BEC incidents account for 27% of the IR cases observed and thus remain the second most common fraud tactic.
The focus of this type of cyber fraud is on organizations that exchange money and payment data via email on a large scale: The finance and insurance industry accounted for 26.5% of BEC-IR cases, around twice as many as the second-placed industry, legal and administration. The manufacturing industry is also affected by this type of cybercrime - it follows in third place with 12%.
Few vulnerabilities are exploited disproportionately often
Intrusions were the third most common cause of recorded IR cases at 24% - a significant increase on the previous year (14.8%). Over 40,000 security vulnerabilities were recorded in 2024. There was also an increase of 134.46% in critical and serious vulnerabilities. Here too, the manufacturing industry is one of the top 5 attack targets.
"Many companies are reluctant to implement patches, even though vulnerabilities have long been known and updates are available. But every unpatched system is an open door for attackers - and that's exactly what cyber criminals are banking on," says Dr. Schmerl.
Further information and the complete Arctic Wolf Threat Report 2025 for free download can be found at arcticwolf.com.














