Two leading providers of industrial cybersecurity solutions – NordStellar and BlackFog – recently unveiled findings demonstrating a continued surge in ransomware attacks. While the numbers help illustrate the dire need for manufacturers to take stronger actions in defending their enterprise against these groups, what is more telling is the ongoing lack of basic defensive strategies that are aiding the hacker’s efforts.
To help quell this growth and discourage hackers from looking at the industrial sector, additional, basic steps need to be taken in the form of:
- Strengthening passwords and login credentials.
- Eliminating thought processes that position a manufacturing business as too small or too insignificant to draw the attention of hackers. If a business has money, data or a place in any supply chain, it is a target.
- Implementing and enforcing multi-factor authentication (MFA).
- Ensuring all external (internet) connections are necessary and, if so, defended.
- Creating and/or updating asset inventories in understanding all of an organization’s vulnerable connection points.
- Implementing/updating segmentation strategies to help cut hackers off from worming more deeply into networks and data respositories.
- Perhaps most importantly, after falling victim to an attack, taking steps to ensure the intruder has been expelled from the data infrastructure. Dwelling/live-off-the-land (LOTL) attacks continue to generate repeat opportunities for hackers and ongoing nightmares for manufacturers.
Looking at NordStellar’s findings:
- In January-March of 2025, there was an increase of 84 percent when compared to ransomware attacks on all industries during the same period in 2024. “Ransomware groups are getting more sophisticated, exploiting zero-day vulnerabilities faster, and leveraging ransomware-as-a-service (RaaS) to expand their reach. Many organizations still struggle with unpatched systems and weak credential security, thus, becoming easy targets. No business, regardless of size, is immune,” stated Vakaris Noreika, a cybersecurity expert at NordStellar.
- Manufacturing was the top industry hit by ransomware in Q1. Along with the affiliated sectors of oil & gas and food & beverage, these industrial markets accounted for nearly one-quarter of all ransomware attacks.
- Small and medium-sized businesses (SMBs) were the prime target for hackers specializing in ransomware. Companies with a revenue of $10 to $50 million and employing 51 to 200 people were hit by ransomware the most in Q1.
The BlackFog data showed that:
- The number of publicly disclosed ransomware attacks for the first quarter of this year reached its highest level for this period since BlackFog’s records started in 2020. This represented a 45 percent increase over Q1 2024.
- March, in particular, was a hot month – registering an 81 percent increase when compared with March 2024.
- Both January and February also set new monthly records for disclosed attacks, with increases from 2024 of 22 percent and 36 percent, respectively.
- RansomHub continued to be among the most active ransomware groups, and was responsible for nine percent of all disclosed attacks in the first three months of 2025.
- The complete report can be accessed here.