In the first half of 2024, we observed 396 undisclosed ransomware attacks on the manufacturing industry – amounting to 17% of all undisclosed attacks we recorded during this period. This trend underscores the growing targeting of this sector by ransomware groups. In this article, we will examine some of the largest attacks to date, explore the reasons behind the increasing focus on the manufacturing industry, and discuss why some companies may choose not to report these attacks.
1. MKS Instruments (February 2023)
In February 2023, MKS Instruments, a major semiconductor equipment manufacturer, suffered a devastating ransomware attack. The attackers encrypted systems by deploying malware, disrupting MKS’s production-related systems. The financial impact was severe, with a 20% decrease in quarterly revenue, amounting to over $200 million in losses. The company had to temporarily suspend operations at some facilities, particularly affecting its $1.96 billion Vacuum Solutions Division and its $1.06 billion Photonics Solutions Division.
More than a month later, not all affected manufacturing and service operations had reopened. Additionally, a former employee filed a class-action lawsuit alleging negligent cybersecurity practices, further complicating the company’s recovery efforts. The attack also had a cascading effect on the supply chain, with chip maker Applied Materials reporting $250 million in losses due to the incident at MKS. The company incurred additional costs related to forensic experts, restoration efforts, and legal counsel, and had to enhance its cybersecurity measures significantly.
2. Brunswick Corporation (June 2023)
In June 2023, Brunswick Corporation, a leading marine manufacturing company, disclosed a major cyberattack that disrupted operations across global facilities. The company paused some operations to contain the incident, engaged security experts, and coordinated with law enforcement agencies. The financial impact was substantial, with an estimated cost of at least $85 million.
The attack caused significant disruption in the Propulsion and Engine Parts & Accessories segments, and due to the proximity to the end of the quarter, there was limited opportunity to recover within the same period. The downtime at Navico, a marine electronics company acquired by Brunswick, alone amounted to about $13 million in losses. The company faced challenges in recovering lost production days, particularly for high-horsepower outboard engines, due to a full production schedule for the rest of the year.
3. Simpson Manufacturing Company (October 2023)
In October 2023, Simpson Manufacturing Company, a building materials manufacturer, fell victim to a suspected ransomware attack. The company took systems offline to contain the incident, which disrupted business operations for several months. Simpson Manufacturing, which produces building materials including anchors, connectors, and retrofitting materials, experienced a 9.4% decline in stock value over one month due to the disruption.
The company engaged leading third-party cybersecurity experts to support its investigation and recovery efforts, but the incident continued to cause significant operational disruptions. The attack highlighted the vulnerability of manufacturing companies to ransomware and the extensive impact such incidents can have on their operations and financial stability.
4. The Clorox Company (August 2023)
The Clorox Company suffered a ransomware attack in August 2023, leading to over a month of disrupted order processing and significant product outages. The financial impact included $49 million in direct costs from the attack and recovery efforts, and an estimated $356 million in total losses, including a 20% decline in Q1 2024 net sales.
The attack forced Clorox to manually process orders, significantly slowing down its operations and affecting its ability to meet consumer demand. The company had to implement extensive recovery measures and enhance its cybersecurity posture to prevent future incidents.
Why Are Ransomware Attacks on Manufacturers Growing?
Moving on, let’s take a look at why these attacks are growing. Manufacturing operations are highly time-sensitive, and any disruption can lead to significant financial losses. This urgency makes the sector an attractive target, as manufacturers are more likely to pay ransoms to restore operations quickly.
Additionally, the rise of connected devices and the integration of IT and operational technology (OT) systems have expanded the attack surface for cybercriminals. Many legacy systems in manufacturing were not designed with security in mind, making them vulnerable to attacks.
Manufacturers often rely on complex supply chains involving multiple third-party suppliers. A breach in any part of the supply chain can compromise the entire network.
Lastly, ransomware attacks on manufacturing companies can yield substantial financial rewards for attackers. The average ransom payment in the manufacturing sector increased to almost $2.4 million in 2023, reflecting the high stakes involved.
Why Might Manufacturing Organizations Not Report Attacks?
Many manufacturing organizations choose not to report attacks, there’s a lot of different reasons for this. Reporting an attack can harm the organization’s reputation and lead to a loss of trust from customers and partners in the company’s ability to protect sensitive information and maintain operational security.
Publicizing an incident can also lead to a decline in stock prices, loss of business opportunities, and increased costs due to litigation, regulatory fines, or the need to implement more stringent security measures.
The process of investigating and reporting a ransomware incident can also divert valuable resources away from important manufacturing activities, leading to production delays and increased costs. If an organization is unsure about the extent or impact of the attack, it might delay reporting until it has a clearer understanding, fearing premature disclosure could cause unnecessary panic or damage.
Finally, publicizing an attack might encourage other malicious actors to target the organization, thinking it is an easy or valuable target for future attacks, a risk that some companies may want to avoid. These factors contribute to the reluctance of some manufacturing organizations to report ransomware incidents transparently.
Protection With BlackFog’s Anti Data Exfiltration (ADX) Solution
Cyberthreats are becoming more advanced, from sophisticated malware to insider attacks. BlackFog provides complete protection against these risks. Our enterprise ADX solution uses advanced AI based algorithms to stop cyberattacks and prevent data exfiltration in real-time. This preventative approach also provides 24/7 protection without the need for human intervention, unlike most cybersecurity solutions in the market today.
Learn more about how BlackFog protects enterprises from the threats posed by ransomware.
Related Posts
BlackFog Wins 2024 CyberSecurity Breakthrough Award
BlackFog Wins Coveted ‘AI-based Cybersecurity Innovation of the Year' in the 2024 CyberSecurity Breakthrough Awards Program
Big Game Hunting is on the Rise in Cybercrime
Big game hunting in cybercrime refers to attacks where cybercriminals target large organizations with the goal of demanding hefty ransoms. This article explores the tactics used in these attacks, provides real-world examples, and explains why this form of cybercrime is becoming increasingly common.
RansomHub: The Rise of a New Ransomware Threat
Explore RansomHub, a ransomware group emerging in Feb 2024. Discover their tactics, notable attacks, sophisticated techniques, and links to other cybercriminals.
The State of Ransomware 2024
BlackFog's state of ransomware report measures publicly disclosed and non-disclosed attacks globally.
TAG Blog Series 3 – How ADX is Integrated by BlackFog
Integrating Anti Data Exfiltration (ADX) solutions is essential for enterprise cybersecurity. This article examines how BlackFog's ADX enhances existing technologies by focusing on prevention and the shift-left paradigm. It illustrates ADX's effectiveness against ransomware and its support for modern managed security service providers, demonstrating how ADX integration creates a comprehensive security solution.
Data Exfiltration Extortion Now Averages $5.21 Million According to IBM’s Report
According to IBM's 2024 Data Breach Report, the financial toll of data exfiltration extortion has surged, with the average cost now reaching $5.21 million per incident. This alarming trend highlights the growing sophistication of cybercriminals and the increasing financial risks organizations face when sensitive data is compromised. As data breaches continue to escalate, businesses must prioritize robust cybersecurity measures to mitigate these costly threats.