Manufacturers in Southeast Asia: Protect Your Business from Ransomware

by Sandra Lee, Managing Director, ASEAN and Greater China, Sophos

Ransomware attacks have become a significant threat to the manufacturing and production industry across the globe, and Southeast Asia is no exception. The region’s burgeoning manufacturing sector, coupled with increasing digitalisation, had made it a prime target for cybercriminals.

Unfortunately, the manufacturing and production industry has set the highest growth of organisations hit by ransomware in 2023 according to this year’s Sophos State of Ransomware report. With an increase of 9%, the industry is one of only three sectors with an increasing attack rate – the other two are healthcare (+7%) and financial services (+1%).

This is particularly alarming given the critical role manufacturing plays in Malaysia’s economy. The manufacturing sector is a key pillar of the country’s economic landscape, contributing RM1.2 trillion to the national GDP. It encompasses essential sub-sectors such as chemicals, automotive, and electrical and electronics.

The increasing ransomware threat poses risks not only to the sector’s operational continuity but also to the broader economic stability.  Sophos State of Ransomware report reveals that 65% of manufacturing and production organisations globally reported they were hit by ransomware last year. This is a notable increase from the previous two years (56% in 2023 and 55% in 2022) and represents a 41% increase since 2020.

In 2024, manufacturing organisations reported a mean cost of US$1.67M to recover from a ransomware attack, an increase from the US$1.08M reported in 2023. While 58% of organisations in manufacturing restored encrypted data using backups, 62% paid the ransom to get data back.  The percentage of manufacturing organisations that paid the ransom has almost doubled from our 2023 study when the sector reported one of the lowest ransom payment rates (34%) across all sectors. Of the manufacturing respondents whose organisations paid the ransom, 157 shared the actual sum paid, revealing that the average (median) payment has increased by 167% over the last year, from US$450,000 to US$1.2M.

With more than 60% of manufacturing victims choosing to pay a ransom and the median ransom paid of US$1.2 million, this is a lucrative target segment for attackers. To mitigate these risks, organisations must enhance and invest in their cybersecurity measures. Focusing on reducing detection and response times, improving monitoring, and effective threat hunting are essential strategies to defend against such attacks.

How to Protect From Ransomware

Here is our expert-recommended checklist:

Sophos recommends the following best practices to help organisations from any industry defend against ransomware and other cyberattacks:

1. Understand your risk profile, with tools such as Sophos Managed Risk which can assess an organisation’s external attack surface, prioritise the riskiest exposures and provide tailored remediation guidance
2. Implement endpoint protection that is designed to stop a range of evergreen and constantly changing ransomware techniques, such as Sophos Intercept X
3. Bolster your defences with round-the-clock threat detection, investigation and response, either through an in-house team or with the support of a Managed Detection and Response (MDR) provider
4. Build and maintain an incident response plan, as well as make regular back-ups and practising recovering data from backups