Ransomware Attacks Costing Manufacturers $1.9M/Day in Downtime

Ransom and recovery costs continue to skyrocket.

Comparitech recently unveiled new research looking into the worldwide impact of ransomware against the manufacturing industry. According to their findings, reported ransomware attacks cost these companies over $1.9 million per day in downtime, resulting in total estimated losses of $17 billion between January 2018 and October 2024. It's important to remember that this only encompasses reported attacks.

Additionally, in 2023, a reported 43.9 million records were compromised by double extortion attacks. In these attacks, the attackers not only demand money for returning access to the data, but also threaten to release the stolen data to the public if ransom demands are not met. Additional findings covering this time period include:

From 2018 to October 2024, we found:

  • Downtime varied from several hours to 129 days.
  • On average, manufacturers lose 11.6 days to downtime resulting from ransomware attacks.
  • Ransom demands varied from $5,000 to $200 million. The latter was demanded after LockBit’s attack on Boeing (which wasn’t paid).
  • On average, attackers demanded $10.7 million in ransom. Based on that figure, we can estimate that around $9.3 billion in ransom has been demanded in total.
  • Manufacturers within the transportation/automotive sector saw the highest number of attacks, closely followed by those in food and beverage.
  • Egregor and Conti were the most dominant strains of ransomware in 2020 and 2021, respectively. LockBit dominated in 2022 and 2023. Play and Black Basta were the main players in 2024.

The Top 5 Largest Ransom Demands in Manufacturing

  1. Boeing – $200 million: LockBit demanded $200 million from Boeing in October 2023. Boeing refused to pay and the gang released 43GB of data that it claimed to have stolen. The gang suggested Boeing did enter into negotiations at one time.
  2. Johnson Controls International – $51 million: Dark Angels hit the industrial equipment manufacturer in September 2023 and demanded $51 million. Johnson Controls didn’t confirm whether or not a ransom was paid but the attack caused widespread disruption for several months with recovery efforts costing the company $27 million.
  3. Quanta Computer Inc., Acer, E.M.I.T. Aviation Consulting Ltd., and Continental – $50 million: Throughout 2021 all four of these companies were hit with $50 million ransoms from REvil and LockBit. REvil demanded the amount from Acer in March 2021 and from Quanta Computer, Inc. in April 2021. Acer offered the hackers $10 million but was refused. In October 2021, LockBit hit E.M.I.T. Aviation Consulting Ltd after allegedly stealing 6TB of data. Then, in August 2022, it hit Continental with the same ransom; Continental refused to meet these demands.
  4. Foxconn Electronics – $34.7 million: In November 2020, DoppelPaymer infected Foxconn’s systems in North America with ransomware before demanding nearly $35 million in ransom. It took around nine days for the company to recover.
  5. Pierre Fabre – $25 million: Cosmetics brand, Pierre Fabre, suffered a REvil ransomware attack in March 2021 where the hackers demanded $25 million. When Pierre Fabre didn’t meet these demands, it upped the ransom to $50 million. The company was able to restore systems within 24 hours, however.
