Ransomware’s new target: the fragile backbone of supply chains

By Staff Report June 12, 2025 3:19 pm IST

Ransomware’s attacks are no longer just targeting data centers and banks—they’re aiming to freeze entire supply chains. From order management to transport coordination, no system is off-limits.

In the daily course of work and associated cyberthreat awareness activities, we often picture cyberattacks targeting data centres, banks, or tech firms.

What’s often overlooked, however, is the growing vulnerability of the logistics and manufacturing ecosystem in today’s hyperconnected world. Ransomware actors are no longer focused solely on financial institutions or technology giants. Increasingly, they are attacking ERP systems, inventory management platforms, transport coordination software, and similar systems that form the backbone of an organisation’s supply chain. When targeted, cyberattacks on these services can halt operations entirely and hold them to ransom—pun intended.

From the moment raw materials are ordered to the time finished goods reach store shelves, each step relies on connected systems. This connectivity, while a key enabler, has also become a critical weakness.

The shift in attacker focus is not unexpected. Supply chains present a high-impact opportunity. When a manufacturer is unable to dispatch goods or a logistics provider loses control over routing and scheduling, the consequences are swift and expensive. Attackers understand that the urgency of such disruptions increases the likelihood of ransom payments, positioning the sector as an increasingly attractive target.

In May 2025, UK logistics firm Peter Green Chilled experienced a ransomware attack that disrupted operations and revealed weaknesses in the food supply chain. The company, which supplies Tesco, Sainsbury’s, and Aldi, had to pause order processing, placing thousands of food items at risk of spoilage and financial loss. The incident underscores a shift in cybercriminal tactics—from data theft to operational disruption. Threat actors are now focusing on time-sensitive sectors like food logistics, where even brief delays can be damaging. This attack, along with others affecting Marks & Spencer and Co-op, highlights the urgent need for stronger cybersecurity and greater supply chain resilience. Ransomware groups are no longer just targeting files—they are aiming to paralyse entire supply chains.

When it comes to securing supply chains, it’s important to recognise their complexity. They involve numerous stakeholders, including vendors, transporters, warehouses, and technology providers. All of these parties are digitally connected, but not all enforce cybersecurity standards as rigorously as the organisation itself. Attackers often exploit this disparity.

Frequently, cybercriminals don’t target the main manufacturer directly. This may be because the primary target is better protected and more difficult to breach. Instead, attackers look for quicker access by compromising smaller vendors or associates with weaker defences, using them as entry points. Many of these smaller entities rely on outdated software or systems that have gone without updates for years. These legacy systems were never built to defend against today’s sophisticated cyber threats. As a result, attackers can gain access and lock down critical systems—be it order management, warehouse control, customer databases, or all of the above.

Such incidents are no longer uncommon. They are becoming a routine challenge in manufacturing and logistics. Even short periods of downtime can result in weeks of backlog, especially in environments where schedules are tight and profit margins narrow—not to mention the reputational damage and erosion of consumer trust.

To defend effectively against supply chain attacks, begin by mapping your digital supply chain. Identify where your operations depend on third-party digital services such as fleet management, warehouse automation, or vendor coordination. Every endpoint should be seen as a possible risk vector.

Next, adopt Zero Trust principles. Practices like identity verification, least privilege access, and network segmentation must be embedded into the culture from the moment a new third-party associate is onboarded. This ensures that, even if part of the infrastructure is compromised, the damage can be contained.

Real-time monitoring and swift incident response are also critical. Delays in identifying and reacting to breaches can magnify the damage. Continuous monitoring and a clearly defined response protocol for ransomware incidents—covering prevention through to mitigation—are essential.

Equal emphasis should be placed on robust backups and continuity planning. Regularly test backups and recovery mechanisms to prevent unexpected failures. Store critical configurations in isolated environments for added protection.

Finally, focus on employee education and maintain ongoing awareness. Through refresher courses and targeted training efforts, instil a culture of cybersecurity consciousness across your workforce. Every staff member must understand their role in maintaining daily cyber hygiene. Training those directly involved in the supply chain is just as vital as addressing technical vulnerabilities.

Manufacturing and logistics organisations must treat cybersecurity as an integral part of operational safety. Just as you wouldn’t allow faulty machinery on the floor, you shouldn’t tolerate insecure digital systems in your network. This mindset must be adopted across the entire organisation and its supply chain—not confined to the IT department.

Authored by Binoy Koonammavu, Founder & CEO of ValueMentor