According to the report, manufacturing and professional legal services were among the industries most affected by extortion attacks in 2022. Such industries often have strict production schedules or delivery pressures, with manufacturing the most in the spotlight, with 447 companies being victims.

Colonial pipeline was one of the most high-profile manufacturing-related extortion attacks in recent years. In May 2021, Colonier Pipeline Transportation, a major pipeline operator in the United States, was forced to shut down operations for five days due to a ransomware attack. In the end, Colonier paid a ransom of nearly $5 million to the hackers to restore the compromised systems.

Dong said it is therefore easier to be forced to pay ransoms when the serious consequences of extortion attacks have disrupted business and affected operations. Such industries, which often stick to older software, also increase the risk of attack. In addition, equipment is difficult to identify, resulting in the implementation of targeted protection, digital transformation of the large amount of data security issues, intellectual property protection and avoid core business disruption, and so on, are facing challenges and problems in the manufacturing industry.

350022M 138607-01

350022M 138607-01

350022M 138607-01

Similar to software as a service (SaaS), the ransomware attack industry has developed a “ransomware as a service” business model. RaaS operators are responsible for developing the underlying ransomware software package, creating consoles, establishing payment portals, managing leak points, etc., while the franchisees recruited through underground forums mainly configure the software for the target, execute ransomware attacks, and communicate with victims. The most active ransomware groups include LockBit and BlackCat (ALPHV), the report said. LockBit is known for its fast encryption speed. BlackCat is Ransomware-as-a-Service (RaaS) because it has a lower commission share than other similar services.

China also faces a complex security situation. “In terms of the number of ransomware attacks received, the Chinese mainland market ranks sixth in the Asia-Pacific region, followed by Australia, India, Japan, Taiwan and Thailand,” he said. “Many of the attacks on the Chinese market come from foreign organizations, including Lockbit, Hive and BlackCat,” Chen Wenjun, president of Petop Network Greater China, told Jiemian.com.