🎯Basically, ransomware attacks on car companies have doubled, making it a big problem for their security.
What Happened
Ransomware has emerged as the fastest-growing cyber threat in the automotive sector, accounting for 44% of all cyber-attacks on carmakers in 2025, according to a report by Halcyon. This alarming trend indicates that ransomware attacks on car manufacturers have more than doubled over the past year.
The report highlights that cybercriminals are increasingly targeting the automotive industry, viewing it as a lucrative opportunity. The rise in attacks is attributed to the industry's rapid adoption of connected technologies and reliance on cloud services, which have expanded the attack surface significantly.
Who's Being Targeted
The automotive sector is particularly vulnerable due to its complex supply chain. Smaller suppliers often have privileged access to Original Equipment Manufacturers (OEMs) and may not have robust security measures in place. This creates multiple entry points for cybercriminals.
Signs of Infection
The surge in ransomware incidents has impacted various parts of the automotive value chain, from manufacturers to connected vehicle systems. A notable example includes Jaguar Land Rover, which faced a ransomware-related production outage lasting five weeks, costing the company an estimated £108 million per week in fixed costs and lost profits. This attack was labeled one of the most expensive in history, affecting the UK economy significantly.
How to Protect Yourself
Halcyon recommends several proactive measures for automotive IT teams to mitigate the ransomware threat: Given the escalating threats, companies across the automotive supply chain must prioritize understanding their exposure and strengthening their defenses. The need for preparedness is more critical than ever as ransomware attacks continue to evolve and target this vital industry.
Detection
- 1.Patch perimeter devices such as VPNs and ERP systems.
- 2.Implement phishing-resistant multi-factor authentication (MFA), especially for remote access and privileged accounts.
- 3.Audit third-party access and remove outdated credentials.
- 4.Harden endpoint detection and response (EDR) tools against tampering.
Removal
- 5.Maintain immutable, offline backups that are isolated from domain-joined systems.
- 6.Establish baseline security requirements for supply chain partners and monitor for breaches.
- 7.Deploy anti-ransomware solutions that can detect and stop threats before they lead to encryption.
🔒 Pro insight: The automotive sector's shift towards connected technologies makes it a prime target for ransomware, necessitating robust security measures across the supply chain.
