




















The global manufacturing sector entered 2025 facing one of the most aggressive cyber threat environments in its history. Digital transformation, smart factories, and interconnected supply chains have expanded operational efficiency to places 50 years ago we wouldn’t have thought possible. But, this comes with unprecedented cyber risk. According to the Manufacturing Threat Landscape 2025 report, cyber incidents targeting manufacturing increased sharply year over year, placing the industry at the center of global ransomware activity.
In 2025, global ransomware incidents reached 7,419 documented cases, representing a 32 percent increase year over year. Manufacturing was the most targeted industry sector. Attacks against manufacturers rose 56 percent, increasing from 937 incidents in 2024 to 1,466 in 2025.
The financial reasoning of attacking manufacturers is the fact that downtime can cost millions per day, disrupt safety of critical operations, and cascade across global supply chains. Threat actors increasingly view production disruption as leverage rather than collateral damage.
The United States led globally with 713 manufacturing ransomware incidents, followed by India (201), Germany (79), the United Kingdom (65), and Canada (62). These figures show that both mature and emerging industrial economies face similar exposure levels.

Three structural weaknesses continue to drive manufacturing cyber risk.
Read the manufacturing threat landscape now.
Several ransomware groups dominated manufacturing attacks in 2025.

Akira, active since 2023, emerged as one of the most financially successful groups, generating an estimated $244 million in proceeds by late 2025. Akira commonly gains access through VPNs without multifactor authentication, exploited vulnerabilities, and spear phishing. A notable 2025 incident involved a German cable manufacturer, where 27 GB of sensitive data was exfiltrated before encryption.
Qilin, a Russiabased ransomware-as-a-service operation, focused heavily on manufacturing and logistics. In one 2025 attack, Qilin stole 29,843 internal files from a manufacturing and logistics firm, creating downstream supply chain risk beyond the initial victim.
Play ransomware continued to impact U.S. manufacturers, with the FBI reporting approximately 900 affected entities by mid2025. Play is known for abusing valid credentials and disabling security controls prior to encryption, increasing operational impact.
Alongside ransomware groups, hacktivist and geopolitical actors such as NoName057(16) and Chinese – aligned defacement groups targeted industrial entities with denial-of-service attacks, OT reconnaissance, and public website defacement, particularly during periods of geopolitical tension.

Ransomware remained the dominant threat vector, responsible for 890 manufacturing incidents in 2025. However, attackers used multiple entry points to gain access.
Beyond encryption, attackers also deployed data theft, extortion-only tactics, and information system disruption, reflecting a broader shift away from single vector attacks.
In Europe, manufacturing represented 72 percent of industrial ransomware attacks in Q3 2025. Average ransom demands reached $1.16 million, more than double the previous year. High profile incidents disrupted automotive, aerospace, and transportation supply chains across multiple countries.
In the United States, manufacturing was the most attacked sector for the fourth consecutive year, with ransomware comprising nearly half of all industrial breaches. Median attack costs reached $500,000, excluding long-term operational losses.
India emerged as the APAC ransomware epicenter, with 65 percent of affected companies paying ransoms and average payments reaching $1.35 million, particularly within manufacturing and critical IT services.
A manufacturing cyber security shift is needed to reprioritize the following things:
Cyber threats targeting manufacturers are expected to intensify further in 2026. AI-enabled ransomware, faster attack execution, reduced dwell time, and a continued shift toward data extortion are projected to define the next phase of industrial cyber risk.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。