Kaspersky and VDC Research have reported that ransomware attacks on manufacturing firms could have generated more than US$18 billion in potential losses in the first three quarters of 2025. The estimate covers only the direct cost of idle labour during operational downtime. The overall financial impact, which would also include disrupted supply chains, reputational damage and recovery efforts, would be far higher.
The findings were based on data collected across APAC, Europe, the Middle East, Africa, the Commonwealth of Independent States and Latin America. The analysis drew on the number of manufacturing organisations targeted by ransomware attempts, the average workforce size, the typical length of downtime after successful attacks and average hourly pay across these regions. All attempted attacks detected between January and September 2025 were blocked by Kaspersky solutions.
Kaspersky Security Network recorded the highest proportion of ransomware detections in manufacturing companies in the Middle East at 7 per cent, followed by Latin America at 6.5 per cent. APAC accounted for 6.3 per cent, Africa 5.8 per cent, the CIS 5.2 per cent and Europe 3.8 per cent. The estimation of potential losses demonstrates the scale of impact that could have followed if the attacks had succeeded.
Estimated financial toll of downtime
When ransomware shuts down production lines, manufacturers face immediate revenue losses from idle labour and a prolonged reduction in output. According to Kaspersky’s Incident Response Report, an average attack results in 13 days of downtime. Based on this, potential idle workforce costs in the first nine months of 2025 are estimated at US$11.5 billion in APAC, US$4.4 billion in Europe, US$711 million in Latin America, US$685 million in the Middle East, US$507 million in the CIS and US$446 million in Africa.
Kaspersky and VDC Research noted that the true financial effect would extend well beyond these figures. In addition to halted production, manufacturers would likely experience delays across supply chains, reputational setbacks and significant recovery and remediation expenses.
Jared Weiner, Research Director for Industrial Automation and Sensors at VDC Research, said the findings highlight the strain created by increasingly complex manufacturing environments. “Our research provides an estimation of the financial impact that ransomware may have had on manufacturing worldwide. The growing complexity of manufacturing environments, along with widening expertise gaps and ongoing labour challenges, makes it difficult for most organisations to manage cybersecurity effectively, but failure to do so may result in financial losses – followed by reputational blows as well. Partnering with proven cybersecurity vendors is paramount for effective IT, OT and IIoT protection,” he said.
Expanding threat landscape for manufacturers
Kaspersky observed that manufacturers of all sizes remain vulnerable. Dmitry Galov, Head of Research Centre for Russia and CIS at Kaspersky’s GReAT, said no region or tier of manufacturer is likely to be overlooked. “No region is exempt from ransomware – whether it’s the Middle East, LATAM, APAC, CIS, Africa or Europe, every manufacturing hub is constantly being targeted. Mid-tier manufacturers that could have been overlooked by threat actors in the past are also among the targets because their security budgets are smaller and their supply chain disruption effects can be larger than most realise. The manufacturing sector and all other organisations need reliable, proven defence systems and continuous user education,” he said.
Kaspersky’s wider research, available in its 2025 State of Ransomware Report, provides a detailed view of ransomware activity across different global regions.
