Attacks on Production Environments Are on the Rise

Recent reports from international security agencies and CERTs have revealed more than 40 documented ransomware attacks targeting industrial OT (Operational Technology) systems worldwide in recent months. Affected organizations include:

  • Energy providers in North America and Europe 
  • Global pharmaceutical manufacturers 
  • Food processors and water utilities 
  • Automotive suppliers 

Several of these incidents resulted in significant production disruptions - some lasting several days. Key systems affected included engineering workstations, SCADA servers, HMI projects, and centrally stored automation data.


How Attackers Move from IT to OT

Many of these attacks follow a recurring pattern:

  • Initial access through IT vulnerabilities such as phishing emails, VPN exploits, or outdated server services.
  • Lateral movement through poorly segmented networks.
  • Access to engineering systems or central file shares containing production-relevant data.
  • Encryption or deletion of project files (e.g. PLC programs, SCADA configurations, recipe data).

In many cases, attackers exploited known but unpatched vulnerabilities - often in legacy systems that have been running for years without ever undergoing a structured security assessment.


What a Ransomware Case Reveals About OT Vulnerabilities

In early 2024, a North American food manufacturer was the target of a coordinated ransomware attack. The attackers gained access through the IT infrastructure and quickly moved laterally into the production network. Within hours, key systems controlling production were encrypted.

The impact was severe: a complete production shutdown lasting three weeks, with more than 200 employees temporarily furloughed. Most concerning, there were no up-to-date OT backups and no tested recovery strategy in place.

This incident highlights common weaknesses in many industrial operations - insufficient segmentation between IT and OT, outdated systems, and a lack of structured backup and recovery processes for automation components.

Why OT Systems Are Especially Vulnerable

OT environments remain a blind spot in many cybersecurity strategies. Often, these systems have evolved over decades and consist of a patchwork of components from multiple vendors running different versions of software and outdated firmware.

In practice, many organizations lack a complete asset inventory - meaning there's no centralized view of what devices, versions, and configurations are in use and where. Without this visibility, even known vulnerabilities listed in public CVE databases go unnoticed. As a result, critical vulnerabilities persist for years - until they're exploited.

If you don't know your infrastructure, you can't protect it. And if you don't assess critical vulnerabilities, you won't understand the risk until it's too late.

What Companies Must Do Now

There are five key takeaways from the documented attacks:

  1. Establish full visibility of systems and data
    You can't effectively respond to incidents without a clear understanding of the systems in use, their configurations, and responsibilities.
  2. Rethink network segmentation
    Many attacks cross from IT to OT through misconfigured or overly open interfaces. Physical and logical separation of environments is essential.
  3. Backups - done right
    Backups must be automated, frequent, audited, and access controlled. Special attention should be paid to ensuring that engineering projects and configurations are backed up, not just traditional production data.
  4. Implement change management
    Anyone with access to automation systems must work in a controlled and auditable manner. Change logs aren't just a convenience - they're a critical security measure.
  5. Prepare for incident response
    What happens in an OT emergency? Who takes over? Where's the clean data? Which systems need to be restored first? Crisis response requires a well-defined plan, not a last-minute call to a technician.
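To make takeaways 1 and 3 concrete, here is an added example (not code from the article or from any vendor it describes) of a minimal OT inventory audit: it matches a constructed asset inventory against a constructed list of vulnerable software versions, and flags engineering projects whose last backup is missing or older than a threshold. All hostnames, software names, advisory ids and dates are made up for illustration.

```python
from datetime import datetime, timedelta

# Constructed asset inventory: which software and version runs on each OT host.
INVENTORY = [
    {"host": "ews-01", "role": "engineering workstation",
     "software": "plc-engineering-suite", "version": "15.1"},
    {"host": "scada-01", "role": "SCADA server",
     "software": "scada-runtime", "version": "7.4.2"},
    {"host": "hmi-line3", "role": "HMI",
     "software": "hmi-runtime", "version": "3.0"},
]

# Constructed advisory list: installed versions below "fixed_in" are affected.
# The ids are placeholders, not real CVE numbers.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "software": "plc-engineering-suite", "fixed_in": "16.0"},
    {"id": "ADV-PLACEHOLDER-2", "software": "scada-runtime", "fixed_in": "7.4.2"},
]

# Constructed backup catalogue: date of the last successful backup per project.
PROJECTS = ["line3-plc-program", "scada-config", "recipe-db"]
BACKUPS = {"line3-plc-program": "2024-05-01", "scada-config": "2024-02-10"}


def parse_version(text):
    """Turn '7.4.2' into (7, 4, 2) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def find_unpatched(inventory, advisories):
    """Return (host, advisory id) pairs where the installed version predates the fix."""
    hits = []
    for asset in inventory:
        for adv in advisories:
            if adv["software"] != asset["software"]:
                continue
            if parse_version(asset["version"]) < parse_version(adv["fixed_in"]):
                hits.append((asset["host"], adv["id"]))
    return hits


def stale_or_missing_backups(projects, backups, today, max_age_days=7):
    """Return (project, 'missing'|'stale') for projects without a recent backup."""
    now = datetime.strptime(today, "%Y-%m-%d")
    findings = []
    for project in projects:
        last = backups.get(project)
        if last is None:
            findings.append((project, "missing"))
        elif now - datetime.strptime(last, "%Y-%m-%d") > timedelta(days=max_age_days):
            findings.append((project, "stale"))
    return findings


if __name__ == "__main__":
    print("unpatched:", find_unpatched(INVENTORY, ADVISORIES))
    print("backup gaps:", stale_or_missing_backups(PROJECTS, BACKUPS, "2024-05-05"))
```

In a real deployment the inventory would come from an asset-discovery tool and the advisories from a vendor or CVE feed; the matching logic stays the same.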


True resilience is built on technical visibility, structured change and vulnerability management, and clearly defined processes. Organizations that embrace these principles don't just reduce risk - they increase their responsiveness and secure the future of their operations.