In the first three quarters of 2025, ransomware attacks on manufacturing organisations could have generated over $18-billion in losses, according to Kaspersky in collaboration with VDC Research.
This figure reflects just the direct cost of an idle workforce during downtime, with overall operational and financial impacts far exceeding this amount.
Estimations were made across APAC, Europe, the Middle East, Africa, CIS and LATAM based on the share of manufacturing organisations where ransomware attempts were detected and prevented, the total number of manufacturing organisations in each region, average downtime hours after real attacks, average number of employees per organisation and average hourly pay.
According to Kaspersky Security Network from January to September 2025, the Middle East (7%) and Latin America (6.5%) led the regional rankings in terms of ransomware detections in manufacturing organisations. APAC (6,3%), Africa (5,8%), CIS (5.2%) and Europe (3,8%) followed.
All of these attacks were blocked by Kaspersky solutions. The estimation of potential losses (below) shows the financial impact if these attacks succeeded.
When ransomware hits, production lines halt, triggering immediate revenue losses from an idle workforce and longer-term shortfalls from reduced output.
The average attack lasts 13 days (based on the Kaspersky Incident Response Report). As a result, idle labour costs from ransomware in the first three quarters of 2025 could have reached:
- $11,5-billion in APAC
- $4,4-billion in Europe
- $711-million in LATAM
- $685-million in the Middle East
- $507-million in CIS
- $446-million in Africa
Actual business losses could have been significantly higher when factoring in supply-chain disruptions, reputational damage, and recovery expenses.
“Our research provides an estimation of the financial impact that ransomware may have had on manufacturing worldwide,” comments Jared Weiner, research director: industrial automation and sensors at VDC Research.
“The growing complexity of manufacturing environments, along with widening expertise gaps and ongoing labour challenges, makes it difficult for most organisations to manage cybersecurity effectively, but failure to do so may result in financial losses – followed by reputational blows as well. Partnering with proven cybersecurity vendors is paramount for effective IT, OT and IIoT protection,”
Dmitry Galov, head of research centre for Russia and CIS at Kaspersky’s GReAT, adds: “No region is exempt from ransomware – whether it’s the Middle East, LATAM, APAC, CIS, Africa or Europe, every manufacturing hub is constantly being targeted.
“Mid-tier manufacturers that could have been overlooked by threat actors in the past are also among the targets because their security budgets are smaller and their supply chain disruption effects can be larger than most realise.
“The manufacturing sector and all other organisations need reliable, proven defence systems and continuous user education.”