Ransomware Rodeo: JLR Shutdown, Airport Chaos, and U.S. Recovery Efforts
The global ransomware crisis is showing no signs of slowing, with fresh disruptions hitting both industry and infrastructure.
Jaguar Land Rover Shutdown
Jaguar Land Rover (JLR), a subsidiary of India’s Tata Motors, remains in its fourth week of halted production following a ransomware attack. TechCrunch reports that losses may exceed US$68 million per week, with estimates ranging widely. The company has extended its shutdown week by week, citing a “controlled restart” of operations. The Telegraph suggested insiders see November as the earliest credible restart, raising fears for JLR’s vast supply chain. The BBC noted that as many as 250,000 supply chain workers could be impacted, with some suppliers already laying off staff.
Collins Aerospace & European Airports
Collins Aerospace, a supplier of airport check-in systems, confirmed a ransomware attack that triggered widespread air travel chaos. TechCrunch reported airlines across Europe were forced into manual check-ins, causing cascading delays:
- Heathrow: 90% of flights delayed, avg. 29 minutes
- Brussels: 88% delayed, avg. 43 minutes
- Berlin Brandenburg: 94% delayed, avg. 1 hour
- Dublin: 91% delayed, avg. 26 minutes
Thirteen Heathrow flights were outright canceled. The UK’s National Crime Agency has already arrested a suspect under the Computer Misuse Act, though officials caution the investigation is ongoing.
U.S. Municipal Struggles
Recovery drags on for Nevada and St. Paul, Minnesota, both hit by ransomware earlier this year. Nevada’s “single source of truth” recovery portal still carries outdated messages from Labor Day weekend. Meanwhile, St. Paul now assures residents that “full restoration is expected soon,” though systems remain impaired.
Ransomware continues to ripple through economies, from luxury car production to air travel to state services—proof that no sector is immune.
Sophos Report: Ransomware Costs Decline, But Human Toll Rises
Ransomware remains a global threat across industries and governments, but a new study suggests some encouraging trends—even as the human impact deepens.
Findings from Sophos
UK-based security firm Sophos has released its sixth annual State of Ransomware report, based on a survey of 3,400 IT and cybersecurity leaders across 17 countries whose organizations were hit by ransomware in the past year.
How Attacks Begin
- Exploited vulnerabilities: primary cause for the third year in a row, accounting for 32% of attacks.
- Compromised credentials: 23%, down from 29% in 2024.
- Malicious emails: 19%.
- Phishing emails: 18%.
On average, organizations reported 2.7 contributing factors, split evenly across protection gaps, resourcing shortages, and security weaknesses.
Paying Up and Recovering
- 97% of organizations recovered encrypted data.
- 49% paid the ransom in 2025, down from 56% in 2024 (the second-highest year for ransom payments in six years).
- Both demands and payments over $5 million fell, though the majority of cases still involved $1 million or more.
- Final payments averaged 85% of the initial demand.
- Recovery costs dropped sharply, from $2.73 million in 2024 to $1.53 million in 2025, a 44% decline.
- Recovery is faster too: 53% were back within a week, compared to 35% in 2024.
The Human Toll
The report highlights worsening effects on IT and cybersecurity teams:
- 41% experienced increased stress or anxiety.
- 38% reported a sustained rise in workload.
- 34% felt guilty about not stopping the attack.
- 31% cited staff absences tied to stress or mental health.
- 25% saw leadership changes after attacks.
While the financial metrics show progress, Sophos warns the psychological strain on security teams is intensifying.