As the risk of falling victim to cyberthreats grows for businesses around the globe, ransomware attacks originating from supply chain breaches have quickly moved to the forefront as an urgent problem. More alarmingly, these attacks have profound impacts and costs for organizations they target.
As we navigate the rising tide of threats and cybersecurity trends in 2025, understanding supply chain risk and its role in the spread of ransomware will be essential for IT departments working to protect their organizations from financial costs, operational disruptions, and reputation damage.
How big is the risk?
In an increasingly connected world, virtually every supplier relationship introduces cyber risk into an organization, and attackers are quick to find and exploit vulnerabilities. With the recent release of its updated Cybersecurity Framework, CSF 2.0, the National Institute of Standards and Technology (NIST) underscored the growing importance of supply chain risk by incorporating guidelines for bolstering supply chain security.
The guidelines also highlight the wide scope of potential risks, including:
- Third-party service providers or vendors,
- Poor information security practices from lower-tier suppliers,
- Compromised software or hardware purchased from suppliers,
- Software security vulnerabilities in supply chain management or supplier systems,
- Counterfeit hardware with embedded malware, and
- Third-party data storage or data aggregators.
Statistics revealing the prevalence of ransomware are concerning, too. In 2023, threat actors made 317.59 million ransomware attempts worldwide. In many cases, these attacks originate in the supply chain, with attackers gaining access to a third-party account or system.
A real threat with real world examples
While frameworks and statistics might be difficult to contextualize, several high-profile ransomware attacks pull back the curtain on the magnitude of the risk and costs of ransomware attacks stemming from compromised points in the supply chain. These attacks illustrate the impacts of ransomware and supply chain risk on organizations, including financial costs, damage to reputation, operational disruption, and compromised data privacy and security.
Colonial Pipeline
Type of ransomware: DarkSide RaaS
Attacker: DarkSide
Date: May 7, 2021
Losses: $4.4 million (approximately $2.3 million was recovered)
In May of 2021, a ransomware attack on Colonial Pipeline made headlines around the globe as it compromised the company’s billing infrastructure and 100 gigabytes of data.
The pipeline carries gasoline and jet fuel to the Southern United States. On May 7th, the attackers gained access to the system that manages the pipeline using a compromised credential for a legacy VPN. To contain the attack, pipeline operations were halted and, within hours, the company worked with the FBI to pay the $4.4 million ransom. However, the company struggled to fully restore operations for several days.
Costa Rica
Type of ransomware: Conti
Attacker: Conti Gang
Date: April 17, 2022
Losses: $30 million per day
On April 17, 2022, the Conti Gang used stolen credentials to access a VPN connection at the Costa Rican Ministry of Finance and launch a ransomware attack. After installing malware on the system, the attackers infiltrated 30 of the government’s institutions, including the Ministry of Finance and the Ministry of Science, Innovation, Technology, and Telecommunications. To contain the attack, the Costa Rican government shut down several systems.
Halting trade, limiting services, and delaying government payments, the shutdown cost the productive sector an estimated $30 million per day. The attack lasted until early May of 2022 and Costa Rica was forced to turn to the United States, Israel, and Microsoft for help to end it.
Bluemaven
Type of ransomware: Monti
Attacker: Monti Gang
Date: August 15, 2024
Losses: To be determined
In a more recent incident, the Monti Gang targeted managed IT services provider Blue Maven Group. The attackers gained access through a privileged account that had been left unsecured. Affecting a total of seven customers, the attack compromised personally identifiable information and other documents, which are now being sold on the dark web.
While the details and costs of the attack are still emerging, it remains clear that the effects of this attack will be far-reaching for the organizations involved.
Vulnerable industries in 2025
The rise of ransomware and growing risk to the global supply chain will affect industries differently. Those with large and growing supply chains and those that have the widest-reaching public impact are most at risk. As we move into 2025, we’re keeping an eye on five in particular:
- Manufacturing
With sprawling global supply chains that are difficult to secure, manufacturers are a tempting target for attackers. This is especially true since interruptions in operations can result in costly losses in productivity with financial and reputational ramifications. Motivated to return to productivity and satisfy their customer commitments, manufacturers may be considered more likely to pay attackers to protect earnings and relationships.
- Transportation
Attacks on transport networks have the power to draw public attention quickly. Spanning air, ocean, road, and rail, they connect global economies and enable trade. As these networks become increasingly digitized, they become more vulnerable to cyberattacks, like ransomware. These attacks not only have the potential to interrupt operations, but they can pose safety and environmental risks.
- Industrial control systems
As the trend toward integrating operational technology (OT) with IT systems continues to grow, industrial control systems (ICS) are emerging as a significant vulnerability. A subset of OT, these systems control infrastructure such as power grids and traffic light systems. Recent research has shown that as many as 100,000 industrial control systems are exposed, making them easy, high-value targets for attackers.
- Oil and gas
The energy industry is vulnerable to several supply chain threats, including ransomware attacks originating in the supply chain. The Colonial Pipeline attack is just one example illustrating that these attacks can cause operational disruptions with profound impacts on the energy supply chain. From a business perspective, disruptions negatively affect capital investments and slow returns.
- Water and renewables
Exposed to many of the same risks as oil and gas, water and renewables are another industry to watch when it comes to supply chain ransomware. Relying on many contractors, suppliers, and manufacturers who often share systems, renewables projects are exposed to many points of entry from their supply chain. Moreover, the industrial control systems that make operating them possible are also at risk.
Securing organizations across industries from supply chain ransomware attacks requires a holistic approach, deep cybersecurity expertise, and the right tools to implement proactive measures. Given the rising risk of these types of attacks, response and recovery planning are also critical. A partner with a strong cybersecurity background can help organizations protect themselves and adapt to the changing threat landscape as we move into 2025.
By
Ashif Samnani
Ashif Samnani is a distinguished cybersecurity leader with over 20 years of experience, specializing in Cybersecurity Operations, Governance Risk and Compliance (GRC), and Operational Technology (OT) Cybersecurity. His expertise lies in aligning business goals with effective risk reduction strategies, helping organizations build successful cybersecurity programs tailored to their specific needs. Ashif's comprehensive approach integrates security across operations, governance, and technology, ensuring a holistic cyber resilience strategy. As a thought leader in the industry, he regularly shares insights on emerging trends, mentors cybersecurity professionals, and drives the adoption of cutting-edge technologies. Ashif's unique ability to balance robust security measures with business enablement has made him instrumental in shaping the cybersecurity landscape, guiding organizations through the complex digital terrain while supporting their overall objectives.