In the first half of 2024, we observed 396 undisclosed ransomware attacks on the manufacturing industry – amounting to 17% of all undisclosed attacks we recorded during this period. This trend underscores the growing targeting of this sector by ransomware groups. In this article, we will examine some of the largest attacks to date, explore the reasons behind the increasing focus on the manufacturing industry, and discuss why some companies may choose not to report these attacks.

In February 2023, MKS Instruments, a major semiconductor equipment manufacturer, suffered a devastating ransomware attack. The attackers encrypted systems by deploying malware, disrupting MKS’s production-related systems. The financial impact was severe, with a 20% decrease in quarterly revenue, amounting to over $200 million in losses. The company had to temporarily suspend operations at some facilities, particularly affecting its $1.96 billion Vacuum Solutions Division and its $1.06 billion Photonics Solutions Division.

More than a month later, not all affected manufacturing and service operations had reopened. Additionally, a former employee filed a class-action lawsuit alleging negligent cybersecurity practices, further complicating the company’s recovery efforts. The attack also had a cascading effect on the supply chain, with chip maker Applied Materials reporting $250 million in losses due to the incident at MKS. The company incurred additional costs related to forensic experts, restoration efforts, and legal counsel, and had to enhance its cybersecurity measures significantly.

In June 2023, Brunswick Corporation, a leading marine manufacturing company, disclosed a major cyberattack that disrupted operations across global facilities. The company paused some operations to contain the incident, engaged security experts, and coordinated with law enforcement agencies. The financial impact was substantial, with an estimated cost of at least $85 million.

The attack caused significant disruption in the Propulsion and Engine Parts & Accessories segments, and due to the proximity to the end of the quarter, there was limited opportunity to recover within the same period. The downtime at Navico, a marine electronics company acquired by Brunswick, alone amounted to about $13 million in losses. The company faced challenges in recovering lost production days, particularly for high-horsepower outboard engines, due to a full production schedule for the rest of the year.

In October 2023, Simpson Manufacturing Company, a building materials manufacturer, fell victim to a suspected ransomware attack. The company took systems offline to contain the incident, which disrupted business operations for several months. Simpson Manufacturing, which produces building materials including anchors, connectors, and retrofitting materials, experienced a 9.4% decline in stock value over one month due to the disruption.

The company engaged leading third-party cybersecurity experts to support its investigation and recovery efforts, but the incident continued to cause significant operational disruptions. The attack highlighted the vulnerability of manufacturing companies to ransomware and the extensive impact such incidents can have on their operations and financial stability.

The Clorox Company suffered a ransomware attack in August 2023, leading to over a month of disrupted order processing and significant product outages. The financial impact included $49 million in direct costs from the attack and recovery efforts, and an estimated $356 million in total losses, including a 20% decline in Q1 2024 net sales.

The attack forced Clorox to manually process orders, significantly slowing down its operations and affecting its ability to meet consumer demand. The company had to implement extensive recovery measures and enhance its cybersecurity posture to prevent future incidents.

Moving on, let’s take a look at why these attacks are growing. Manufacturing operations are highly time-sensitive, and any disruption can lead to significant financial losses. This urgency makes the sector an attractive target, as manufacturers are more likely to pay ransoms to restore operations quickly.

Additionally, the rise of connected devices and the integration of IT and operational technology (OT) systems have expanded the attack surface for cybercriminals. Many legacy systems in manufacturing were not designed with security in mind, making them vulnerable to attacks.

Manufacturers often rely on complex supply chains involving multiple third-party suppliers. A breach in any part of the supply chain can compromise the entire network.

Lastly, ransomware attacks on manufacturing companies can yield substantial financial rewards for attackers. The average ransom payment in the manufacturing sector increased to almost $2.4 million in 2023, reflecting the high stakes involved.

Many manufacturing organizations choose not to report attacks, there’s a lot of different reasons for this. Reporting an attack can harm the organization’s reputation and lead to a loss of trust from customers and partners in the company’s ability to protect sensitive information and maintain operational security.

Publicizing an incident can also lead to a decline in stock prices, loss of business opportunities, and increased costs due to litigation, regulatory fines, or the need to implement more stringent security measures.

The process of investigating and reporting a ransomware incident can also divert valuable resources away from important manufacturing activities, leading to production delays and increased costs. If an organization is unsure about the extent or impact of the attack, it might delay reporting until it has a clearer understanding, fearing premature disclosure could cause unnecessary panic or damage.

Finally, publicizing an attack might encourage other malicious actors to target the organization, thinking it is an easy or valuable target for future attacks, a risk that some companies may want to avoid. These factors contribute to the reluctance of some manufacturing organizations to report ransomware incidents transparently.

Cyberthreats are becoming more advanced, from sophisticated malware to insider attacks. BlackFog provides complete protection against these risks. Our enterprise ADX solution uses advanced AI based algorithms to stop cyberattacks and prevent data exfiltration in real-time. This preventative approach also provides 24/7 protection without the need for human intervention, unlike most cybersecurity solutions in the market today.

Learn more about how BlackFog protects enterprises from the threats posed by ransomware.