Ransomware in Manufacturing: Increased Attacks Waterloo Study Reports

Table of Contents

Ransomware in manufacturing is on the rise in recent years. Ransomware attacks have become increasingly common and are frequently reported in the news. One particularly noteworthy instance was the Colonial Pipeline ransomware attack that occurred in the United States earlier this year, resulting in widespread gasoline and heating oil delivery disruptions throughout the Eastern US.

new report from Waterloo-based eSentire has found that six foreign “gangs” have claimed over 290 victims and $45 million dollars in ransom in just the beginning of 2021. These six gangs (to be fair, these are organized crime syndicates) are not the only groups that are using ransomware to extort money from businesses. The Dark Web (unlisted websites and communities dedicated to criminal activity) actively sells ransomware starter kits and gives advice to those would-be hackers who want to collect from unsuspecting businesses.

The size of ransom demands is increasing also. A 2020 report from Coveware found that ransomware payments (the amounts criminals demand to unlock your systems) have increased dramatically since 2018. These average demands have increased from well below $10,000 to over $100,000 over just 2 years.

Insurance Is Getting Out of the Ransomware Business

ransomware in manufacturing

Insurance companies are suffering badly from ransomware, and they are starting to get out of the business of providing Cyber Insurance. For instance, AXA, one of Europe’s top 5 insurance companies, announced recently that it is suspending insurance coverage for ransomware extortion payments. If insurance companies will not cover the costs of these payments (AXA cited the rapid rise in costs as a reason) this will result in bankruptcies of small businesses throughout the world.

According to a paper released by the Institute for Security and Technology (Combatting Ransomware) the average business experiences 21 days of downtime due to these attacks, and it takes almost a full year to recover completely. The average payment has now risen to $312,493 USD in late 2020.

Unfortunately, authorities have no ability to stop these attacks. The wide-open nature of the internet and the deeply connected computer systems used by virtually everyone today makes ransomware in manufacturing a blight we are stuck with. If Insurance refuses to cover these costs, businesses will be in big trouble.

The State of IT Systems Makes Ransomware in Manufacturing Inevitable

Ransomware attacks IT systems through end-users who are unaware they are letting the attackers in. Usually, this is through phishing emails, where some staff member innocently gives the hackers access to the system.

Today’s ransomware attacker does NOT immediately go to work. They know that a lot of companies have done some basic steps to prevent an attack, so most of the time they evaluate the weaknesses in the system before they encrypt the business data.

Despite the increased knowledge of this crime, the reality is that far too many businesses still do not take this threat seriously. Ransomware in manufacturing industries is becoming so much worse because the targets are just so easy to attack.

At Sabre IT Solutions, we often perform an audit for customers when we first work with them. We are shocked to find the number who do not actively check their backups, and for whom those backups have not worked in some time. We also find that most customers do not have up-to-date computer patches, despite thinking that this is taken care of. Even in those companies that have IT staff or have outsourced their IT, we find a large percentage are not actively monitoring and performing even basic maintenance activities.

Modern ransomware attackers start auditing your systems in a manner that’s not that different to what we at Sabre IT would do. They find out which machines are vulnerable, and if they can, they disable the safeguards that keep you safe.

Active Management is the Only Option

Active management of your IT systems is really the only option to really prevent Cyber Crime today. This requires a few tools and the dedication of some time.

  • Companies need a Remote Management and Maintenance tool – often called an RMM.
    • These tools come in different levels with different capabilities. The best are about $15 to $20 per month per computer.
  • Someone needs to monitor this data, daily. Allocating about 1 hour per 50 computers is appropriate.
    • If the someone mentioned above does not have either an RMM or training to use it, this needs to be more like 8 hours a day.
  • You need a top-tier anti-virus, and ideally, an AI-powered tool to automatically shut down any encryption as it happens.
    • Good RMM tools and some Anti-Virus can detect “weird” activities and stop them – which also shuts off that user’s computer. Better safe than sorry.
  • Someone needs to spend time every day checking backups and at least weekly ensuring they are working and can be restored.
  • Someone needs to install security patches as they are released, at least to test them, then deploy them to your systems.
  • Turn on 2 Factor Authentication for everything you can. I know it’s annoying. Turn it on anyway.
  • Make sure you at least measure how often your staff falls for Phishing attacks. There are a variety of tools to achieve this. Make sure you are using one, and know where your weaknesses are.
  • Make sure that you regularly review your system and know what the newest threats are from

If you don’t have someone doing these activities (and most part-time people don’t really have the time to do it right) then you need to get on that right away. If you think this kind of thing won’t happen to your business – let me give you my number. You’ll need it sooner than later.

Subcontract Your IT Management If You Can’t Do It Yourself

Most companies with less than 50 computers are not able to afford a full-time staff member nor the software tools they should have to do their job. A good IT professional today is making over $80,000 a year once all their benefits and overheads are included.

If you find yourself in a situation where you do not have a full-time IT staff (especially if they are working on high-priority, urgent business activities like getting product out the door) then take a serious look at outsourcing. There are lots of great companies in the Waterloo Region area that provide Managed IT Services. The term “Managed IT Services” basically means outsourcing the steps I outlined in the previous section.

Finally – Don’t Be Complacent

There is a reason the US Government, Canada, Europe, and most of the rest of the world are telling their small businesses to get serious about this. It is a tidal wave of pain coming and there are way, way too many businesses that don’t take it seriously.

If a ransomware attack does hit you, be sure you get help as soon as you can. Turn off everything – pull the main switch on the power. Call some professionals and hopefully, it isn’t too late.


Ransomware attacks have become a major threat to manufacturing companies, with attackers targeting vulnerable systems through phishing emails and exploiting weaknesses in IT infrastructure. These attacks have caused significant downtime and recovery periods for businesses, with ransom demands increasing dramatically over the past few years.

Insurance companies are also starting to withdraw from offering coverage for these attacks, leaving small businesses vulnerable to bankruptcy. To prevent ransomware attacks, companies need to implement active management of their IT systems, which requires the use of Remote Management and Maintenance tools, dedicated monitoring, regular backups, security patches, and 2 Factor Authentication. If companies cannot manage their IT systems themselves, they should consider outsourcing this service to specialized IT management companies.

Give us a call at 226-336-6259 or contact us at itsales@sabrelimited.com today.

Related Posts