Manufacturers Under Siege: The Explosive Rise of Global Ransomware in 2025

At dawn on a quiet April morning, the hum of assembly lines in a German factory abruptly halted. Systems locked, files encrypted, and a chilling digital ransom note blinked across screens: pay up, or your secrets and operations are gone for good. This was no isolated incident. In 2025, manufacturers worldwide became the prime target of a ransomware crimewave, with hackers demanding record-breaking sums and data breaches reaching staggering new heights.

According to Comparitech’s latest analysis, 2025 saw ransomware attacks soar to 7,419 globally - an alarming 32% increase from the previous year. More than half of these attacks targeted U.S. organizations, with Canada and Germany also experiencing sharp rises. But the most startling development? A seismic shift in criminals’ sights: manufacturers, once considered less lucrative than healthcare or finance, emerged as the new bullseye.

Manufacturers endured a 56% jump in attacks, rising from 937 in 2024 to 1,466 this year. The average ransom demand for the sector skyrocketed from $523,000 to $1.16 million. “It was a similar case for legal firms,” notes Rebecca Moody, head of data research at Comparitech, “where attacks increased by 54% and ransom demands shot up by 60%.” Meanwhile, attacks on healthcare and education plateaued, suggesting that cyber extortionists are seeking bigger, more vulnerable prey - and willing to wait for larger paydays.

The scale of data theft is unprecedented. Ransomware groups claimed to have stolen 32.7 petabytes of data - enough to fill thousands of high-end laptops. The most prolific group, Qilin, alone accounted for 1,034 attacks and reportedly exfiltrated 31.2 petabytes, mostly from a single U.S. manufacturer. While these jaw-dropping figures are sometimes hard to verify, the fallout is all too real: the U.S.-based Conduent breach exposed nearly 16 million records, and the U.K.’s Co-operative Group lost £206 million in revenue after a ransomware shutdown.

Notably, while overall ransom demands dropped 26% to an average of $1.04 million, certain sectors - especially manufacturing and law - faced steeper extortion. Attackers exploited new vulnerabilities, such as zero-day flaws in software, and targeted shared service providers to maximize impact. The healthcare sector, while not seeing a rise in attack volume, still suffered massive data losses, with over 10 million records compromised in confirmed incidents.

Globally, ransomware is no longer just an IT problem but a boardroom crisis. As hackers grow bolder and more sophisticated, businesses must rethink their defenses and incident response plans. The surge in attacks against manufacturers, in particular, signals a dangerous new phase in the ransomware epidemic - one where the cost is measured not just in dollars, but in lost productivity, public trust, and national security.

WIKICROOK

• Ransomware: Malicious software that encrypts a victim’s data, demanding payment for its release.
• Data Breach: An incident where sensitive information is accessed or stolen by unauthorized parties.
• Zero-Day Vulnerability: A software flaw unknown to the vendor, exploited by attackers before a fix is available.
• Data Leak Site: A website where cybercriminals publish or threaten to publish stolen data to pressure victims.
• Petabyte: A unit of digital information storage equal to one million gigabytes (GB).

As the dust settles on another record-breaking year for ransomware, one thing is clear: the threat is evolving, and so must our defenses. Manufacturers and other high-value targets can no longer afford to see cybersecurity as optional. The next attack may not just cost millions - it could stop the world’s wheels from turning.