Ransomware has emerged as the most significant cyber threat to the automotive industry, with attacks more than doubling in 2025 and comprising 44% of all cyber incidents targeting carmakers. This alarming trend is highlighted in a new report by security vendor Halcyon, which analyzed data from various sources to assess the current threat landscape. The report underscores a strategic shift by cybercriminals who are increasingly targeting the automotive sector due to its rapid technological advancements and complex supply chains.

The automotive industry's adoption of connected vehicle platforms, over-the-air update mechanisms, and cloud-based environments has significantly expanded its attack surface. These advancements, while beneficial, have made carmakers more vulnerable to cyber threats. Smaller suppliers, often with weaker security measures, have privileged access to original equipment manufacturers' (OEMs) IT systems, further increasing the risk of ransomware attacks. The report also highlights the industry's low tolerance for downtime, making it an attractive target for cybercriminals.

A notable example of the impact of ransomware on the automotive sector is the attack on Jaguar Land Rover (JLR) last year, which resulted in a five-week production outage. This incident, deemed the most expensive ransomware attack in history, cost the company an estimated £108 million per week and had a significant ripple effect on the UK economy, affecting smaller supply chain partners. Such incidents underscore the urgent need for enhanced cybersecurity measures within the industry.

To combat the growing ransomware threat, Halcyon recommends several proactive measures for automotive IT teams. These include patching perimeter and edge devices, deploying phishing-resistant multi-factor authentication, and auditing third-party access to remove or rotate legacy credentials. Additionally, hardening endpoint detection and response tools, maintaining offline backups, and establishing baseline security requirements for supply chain partners are crucial steps in strengthening defenses.

The report emphasizes the importance of deploying an anti-ransomware solution capable of detecting behavioral patterns indicative of an attack. By prioritizing these security measures, companies across the automotive supply chain can better understand their exposure, fortify their defenses, and ensure they are prepared to respond effectively when an attack occurs. As ransomware incidents continue to rise, taking these steps is essential to safeguarding the industry's operations and economic stability.

Source: https://www.infosecurity-magazine.com/news/automotive-ransomware-attacks/