The manufacturing industry isn’t known for having lots of rich clients or daily high-dollar transactions, so it may seem odd that criminals would be targeting plants and factories across the country. But increasingly, that’s what’s happening.

The rate at which cybercriminals are targeting the manufacturing industry now tops the rates for industries like finance, business, retail and government. It’s an unusual development, but one that just goes to show that any type of business can be hit by a cyber attack.

Here’s what to know about the ransomware manufacturing threat.

IBM Report Highlights Ransomware Manufacturing Threat

As a technology leader for decades, IBM’s insight into cyber security matters is valuable. In 2022, the company’s X-Force Threat Intelligence Index report highlighted the emerging ransomware threat to the manufacturing industry.

The IBM Security X-Force is IBM’s in-house team of cybersecurity experts and incident-response remediators, responsible for mining billions of data points and responding to cyber incidents for clients. Their report reveals that manufacturing faced the most cyber attacks globally as well as in North America in 2021.

Manufacturing Is the Most Attacked Industry Worldwide

For the first time in over five years of the X-Force report, manufacturing was rated as the most attacked industry worldwide in 2021. About 23.2% of incidents affected a business in the manufacturing space, up from 17.7% the year before.

The previous top target category of finance and insurance declined from 23% to 22.4% of the total. Other top categories included professional and business services, energy, retail and wholesale.

The report noted factors such as supply chain issues and the Covid-19 pandemic may have contributed to the shift. While manufacturers faced all kinds of attacks in 2021, ransomware scams predominated.

Manufacturing Is Also the Most Attacked Industry in North America

Manufacturers were an even larger share of victimized businesses when narrowed down to North America. About 28% of all cyber attacks recorded in 2021 targeted a business in the manufacturing sector. Professional and business services and retail and wholesale businesses were a distant second and third at 15% and 11%, respectively.

About one in five attacks U.S. manufacturers faced were ransomware attacks, which can be particularly damaging. After installing malicious code on a manufacturer’s computer or network, ransomware locks up all the files and displays a screen with instructions for paying a large ransom with the promise of supposedly returning the files. Locked files are also often stolen and even exposed publicly, adding to the damage.

Manufacturing ransomware cyber attacks are challenging, because manufacturers have a low tolerance for downtime. Cyber criminals also took advantage of manufacturers’ crucial position in bigger supply chains, sometimes contacting the victim’s suppliers or clients to demand a ransom in order to pressure the factories and plants to pay.

Cybercriminals Exploit Technical Vulnerabilities

How cybercriminals pulled off their ransomware attacks was also surprising. At 40%, phishing attacks were a frequent culprit, but vulnerability exploitation was even higher at 47%. Other attack methods like removable media, stolen credentials and brute force attacks were far less common.

One reason vulnerability exploits topped other methods was the growth of new vulnerabilities. Internet of Things device exploits grew by 16% and industrial control systems grew by 50%. Overall, vulnerability exploits were up 33% year over year. Key exploits included vulnerabilities in software from Microsoft and Apache.

Variety of Manufacturers Have Suffered Attacks

The cyber attacks targeting manufacturing businesses have varied widely. No one type of business is affected. Some of the biggest recent attacks include:

  • May 2021 – JBS Foods, the world’s largest meat supplier, faced a ransomware attack that required the business to temporarily shut down all of its meat plants in North America and Australia. About 23% and 20% of U.S. beef and pork production was affected. The company’s computer backups were unaffected, and operations resumed after several days.
  • March 2022 – Snap-on, a U.S.-based automotive tools manufacturer, was hit with a ransomware attack by a prominent ransomware group, Conti. The company was forced to shut down all its systems after detecting suspicious activity. Cybercriminals targeted employee and franchise records and leaked data including names, social security numbers and data of birth.
  • May 2022 – AGCO, a worldwide manufacturer of agricultural equipment, experienced a ransomware attack that resulted in the closing of the majority of its production sites and parts operations. After a week, most of the business’s operations were still offline. Some were restored in the following days while full restoration was expected to take weeks to months.

Experts Have 4 Recommendations to Prevent Ransomware Cyber Attacks

In its report, the IBM team of experts includes four recommendations that can help prevent most cyber attacks.

  1. Develop a cyber response plan. Responding to a business emergency is always easier when you have a plan. A cyber response plan helps ensure your business can take action when the need arises, with steps that minimize the damage. IBM recommends specifically planning for ransomware attacks, including knowing how to plan immediate containment, reach out for help from law enforcement and minimize disruptions and delays for critical business functions.
  2. Implement multi-factor authentication. Multi-factor authentication (MFA) is a security tool that requires something else besides your login and password before giving you access. Often that’s a PIN, security question answer, or temporary security code emailed or texted to you. Some MFA systems even work with badges, key fobs and fingerprints. IBM experts note that MFA works — so much that cybercriminals are either forced to adopt new vulnerabilities or focus on regions of the globe where MFA protections are less common.
  3. Use multiple approaches to combat phishing. Email phishing scams involve using social engineering to trick you into giving a cybercriminal sensitive information, like a password or security code. IBM experts say a layered approach to this threat is most effective, meaning that your business should incorporate employee training, email security filters and active threat monitoring tools and systems to prevent and catch any phishing attempts.
  4. Improve patch and maintenance processes. Since software vulnerabilities play such a big role in manufacturing ransomware attacks, it’s a must to have a system in place to identify and manage them. The IBM report recommends working to refine and improve your business’s approach to IT patch and maintenance tasks. Ensure you have technical experts available to help protect your systems and give them the support and resources they need to function.

While these recommendations are aimed at affected businesses in the manufacturing industry, they’re tips that can benefit any business in any industry.

How to Further Protect Your Business

A ransomware attack can be a frightening scenario to consider for a business like yours. But taking the right steps can minimize your risk and protect your data from cybercriminals.

Along with recommendations from experts like those at IBM, cyber liability insurance can provide another layer of protection in the event an attacker does get through your defenses.

The industry-leading coverage from CyberLock Defense can help cover the cost of data restoration, business interruption, IT forensics, legal expenses, public relations and more, when your business experiences a cyber attack.

To learn more, visit or call us at (913) 652-7520.