Sophos announced new findings from the Sophos State of Ransomware in Manufacturing and Production 2025 report. The study reveals that manufacturers are stopping more ransomware attacks before data can be encrypted; however, adversaries are increasingly stealing data and using extortion-only tactics to maintain pressure. As a result, more than half of manufacturing organisations impacted by encryption paid the ransom despite progress in defensive measures. The report is based on an independent survey of 332 manufacturing organisations that were hit by ransomware in the last year.
The Sophos State of Ransomware in Manufacturing and Production report found:
– Encryption rates are falling, but adversaries are shifting tactics: 40% of attacks on manufacturers resulted in data encryption, the lowest level in five years and down from 74% last year. However, extortion only attacks surged to 10% from just 3% in 2024 as attackers increase reliance on data theft for leverage.
– Data theft remains a significant concern: 39% of manufacturers that experienced encryption also had data stolen, one of the highest rates across all surveyed sectors.
– More organisations are stopping attacks before encryption: 50% of manufacturing organisations stopped the attack before data could be encrypted, more than double last year’s 24%.
– Expertise shortfalls and inadequate protection fuel attacks: Lack of expertise was cited by 42.5% of organisations. Unknown security gaps were cited by 41.6%, and
Sophos cybersecurity rating report: https://www.rankiteo.com/company/sophos
"id": "SOP1764993671",
"linkid": "sophos",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Manufacturing and Production',
'location': None,
'name': 'Manufacturing organisations',
'size': None,
'type': 'Organisations'}],
'data_breach': {'data_encryption': 'Yes (in some cases)',
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': 'High',
'type_of_data_compromised': None},
'description': 'Sophos announced new findings from the Sophos '
'State of Ransomware in Manufacturing and '
'Production 2025 report. The study reveals that '
'manufacturers are stopping more ransomware '
'attacks before data can be encrypted; however, '
'adversaries are increasingly stealing data and '
'using extortion-only tactics to maintain '
'pressure. More than half of manufacturing '
'organisations impacted by encryption paid the '
'ransom despite progress in defensive measures.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Yes',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'lessons_learned': 'Manufacturers are improving defensive '
'measures but still face challenges with data '
'theft and extortion-only attacks. Lack of '
'expertise and unknown security gaps are '
'significant issues.',
'motivation': 'Financial gain, Data extortion',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Lack of expertise '
'(42.5%), unknown '
'security gaps '
'(41.6%)'},
'ransomware': {'data_encryption': '40% of attacks resulted in '
'encryption',
'data_exfiltration': '39% of manufacturers that '
'experienced encryption also '
'had data stolen',
'ransom_demanded': None,
'ransom_paid': 'More than 50% of impacted '
'organisations paid the ransom',
'ransomware_strain': None},
'recommendations': 'Enhance expertise in cybersecurity, close '
'security gaps, and improve incident response '
'strategies to mitigate ransomware and '
'extortion threats.',
'references': [{'date_accessed': None,
'source': 'Sophos State of Ransomware in '
'Manufacturing and Production 2025 '
'report',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Sophos State of Ransomware in Manufacturing and '
'Production 2025 Report Findings',
'type': 'Ransomware'}}