Ransomware hammers manufacturing sector

February 23, 2026 – Published on TechTarget

The manufacturing sector is increasingly bearing the brunt of ransomware attacks, ranking as the most-targeted sector in separate analyses from researchers at multiple cybersecurity organizations, including GuidePoint Security.

The reason is simple, according to experts: Ransomware operators want to maximize reward while minimizing effort and risk. In short, manufacturers are easy targets because their highly interconnected IT/operational technology (OT) systems are built on vulnerable legacy equipment, and their low tolerance for production delays motivates them to pay to end attacks. Just over half of manufacturing victims made ransom payments in 2025, according to a recent survey. The median amount was $1 million, and 18% of payments were $5 million or more.

“Disruptions in manufacturing that result in shutting down production systems are extremely costly,” said Paul Furtado, analyst at Gartner. He added that the interconnected nature of supply chains means a ransomware attack on one supplier often has cascading effects on its partners, their partners and so on — giving attackers additional leverage and further incentivizing victims to meet attackers’ demands.

Take, for example, the 2022 ransomware attack on one of Toyota Motor Company’s third-party suppliers. The incident at Kojima Industries — a manufacturer of interior and exterior automotive components, such as steering wheel parts — in turn forced Toyota to halt production across all 14 of its Japanese factories.

Read More HERE.