Arctic Wolf

Alexandra Hose,

Manufacturing industry: top target of ransomware attacks

Ransomware tactics continue to evolve, targeting industries with low tolerance for downtime. Artic Wolf publishes figures on this.

© Arctic Wolf

Cybercriminals are adapting their methods to bypass defenders' security measures: They are increasingly relying on data theft in ransomware attacks instead of just encrypting data and are refining BEC scams to infiltrate companies worldwide. The industrial sector is particularly affected.

Arctic Wolf publishes its annual Threat Report, which is based on threat, malware, digital forensics and incident response case data. It shows global threat trends and provides strategic cybersecurity recommendations for the year 2025.


Ransomware attacks: Manufacturing industry hardest hit

Despite increased law enforcement, ransomware attacks account for the largest proportion of recorded IR cases at 44%. Cyber criminals almost always rely on data exfiltration in their attacks. In 96% of the ransomware cases analyzed, the attackers stole data. The perpetrators can then resell the captured data or threaten the company with the publication of customer or other sensitive business data.

Dr. Sebastian Schmerl, Regional Vice President Security Services EMEA at Arctic Wolf © Arctic Wolf

At almost 19%, the manufacturing industry accounts for the largest share of recorded ransomware IR cases. The manufacturing industry has traditionally been a particularly attractive target for cybercriminals: on the one hand, there are multiple supply chain interdependencies and a potentially large attack surface; on the other hand, manufacturers are under pressure to minimize downtime. Manufacturers often have valuable information about industrial processes and customers, which makes them vulnerable to data extortion.

Advertisement
© Arctic Wolf

The average ransom demand is USD 600,000, similar to the previous year - a lucrative business for cyber criminals. At the same time, the evaluations have shown that victim companies can significantly reduce the amounts demanded with the help of professional ransom negotiators.

"Ransomware groups have evolved their business model: even if there is a good back-up strategy in place, the threat of publishing or reselling stolen customer and business data puts companies under massive pressure - often with devastating financial and reputational consequences," explains Dr. Sebastian Schmerl, Regional Vice President Security Services EMEA at Arctic Wolf. "This tactic renders traditional back-ups ineffective as the sole means of protection. Companies must therefore increasingly rely on comprehensive threat detection, zero-trust strategies and proactive security operations approaches to identify attacks at an early stage and prevent data leaks."

BEC: Attackers follow the money

Main causes of BEC (Business Email Compromise). BEC incidents account for 27% of the IR cases observed and thus continue to be the second most common fraud tactic. © Arctic Wolf

Business Email Compromise (BEC) is a special form of email phishing in which attackers attempt to persuade companies to transfer money or hand over confidential data - for example through account compromise or CEO fraud. BEC incidents account for 27% of the IR cases observed and thus remain the second most common fraud tactic.
The focus of this type of cyber fraud is on organizations that exchange money and payment data via email on a large scale: The finance and insurance industry accounted for 26.5% of BEC-IR cases, around twice as many as the second-placed industry, legal and administration. The manufacturing industry is also affected by this type of cybercrime - it follows in third place with 12%.

Few vulnerabilities are exploited disproportionately often

The manufacturing industry is traditionally a particularly attractive target for cyber criminals: on the one hand, there are multiple supply chain interdependencies and a potentially large attack surface; on the other hand, manufacturers are under pressure to reduce downtimes to a minimum. Because the capacities of production lines cannot be scaled at will, there is a risk of production losses that can no longer be made up for - not to mention contractual penalties, delivery bottlenecks and loss of reputation. © Arctic Wolf

Intrusions were the third most common cause of recorded IR cases at 24% - a significant increase on the previous year (14.8%). Over 40,000 security vulnerabilities were recorded in 2024. There was also an increase of 134.46% in critical and serious vulnerabilities. Here too, the manufacturing industry is one of the top 5 attack targets.

"Many companies are reluctant to implement patches, even though vulnerabilities have long been known and updates are available. But every unpatched system is an open door for attackers - and that's exactly what cyber criminals are banking on," says Dr. Schmerl.

Further information and the complete Arctic Wolf Threat Report 2025 for free download can be found at arcticwolf.com.

  • Xing Icon
  • LinkedIn Icon
Advertisement
Advertisement

You might also be interested in

Advertisement

Bihl+Wiedemann

Innovation partner for automation

Bihl+Wiedemann is a medium-sized, owner-managed company - founded in 1992 by Jochen Bihl and Bernhard Wiedemann in Mannheim. It develops and manufactures complete solutions for functional safety and data communication in machines and systems.

read more...

EUCHNER

Customized solutions for smart automation

In a world of increasing automation, functional safety is essential. Plant operators not only have to comply with legal requirements, but also ensure efficiency and availability. For more than 70 years, EUCHNER has been supplying customized...

read more...
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

Bihl+Wiedemann

Innovation partner for automation

Bihl+Wiedemann is a medium-sized, owner-managed company - founded in 1992 by Jochen Bihl and Bernhard Wiedemann in Mannheim. It develops and manufactures complete solutions for functional safety and data communication in machines and systems.

read more...
Subscribe to our newsletter
Advertisement
Back to home