TheVortiq
Empresas

Russian cyberattack on Jaguar Land Rover: $2.5 billion in losses

A ransomware attack halted production for six weeks, becoming one of the costliest cyberattacks in history

July 1, 2026 · 4 min read

A factory filled with lots of machines and machinery

TL;DR: A Russian cyberattack on Jaguar Land Rover in 2025 halted production for six weeks and cost $2.5 billion to the British economy. It is one of the costliest attacks in history.

What happened?

On August 31, 2025, Jaguar Land Rover (JLR) suffered a massive cyberattack that paralyzed its factories in the UK and other plants. According to a New York Times investigation cited by TechCrunch and The Next Web, the attack was perpetrated by Russian hackers and is classified as one of the most disruptive and costly in recent years. Production halted for nearly six weeks, and losses to the British economy are estimated at $2.5 billion. The attack began with a phishing email targeting an IT employee, allowing attackers to deploy ransomware that encrypted critical systems, including production management and logistics. Unlike previous attacks, this one not only affected internal operations but also spread to key suppliers, disrupting the just-in-time supply chain that characterizes the automotive industry. The NYT investigation revealed that the hackers belonged to the APT29 group (also known as Cozy Bear), linked to Russia's Foreign Intelligence Service (SVR), elevating the incident to state-sponsored cyberwarfare.

Why is it important?

This attack underscores the vulnerability of the automotive industry, highly dependent on interconnected systems and just-in-time supply chains. JLR, a British industrial icon, was exposed to ransomware that not only affected its operations but also impacted suppliers, dealerships, and customers. The economic cost exceeds many previous cyberattacks, such as Colonial Pipeline (2021), which cost about $4.4 million in ransom but generated much smaller losses, or Maersk (2017), which affected global operations but is estimated at $300 million. In comparison, JLR's $2.5 billion represents a qualitative leap in the financial impact of an industrial cyberattack. Additionally, the attack exposed the fragility of legacy systems in manufacturing: many JLR plants still use outdated hardware and software without proper network segmentation, facilitating ransomware spread. The geopolitical importance is equally notable: it occurs amid rising tensions between the UK and Russia and could accelerate sanctions or cyber countermeasures. It also serves as a warning for other critical industries, such as energy or aviation, that rely on similar supply chains.

Consequences

  • Economic: $2.5 billion in direct and indirect losses, including lost production (approximately 100,000 vehicles not built), remediation costs (JLR is estimated to have spent $500 million on system recovery and ransom payment, though it is unconfirmed whether the ransom was paid), and reputational damage that could translate into a 15% drop in sales the following quarter, according to market analysts cited by TechCrunch.
  • Operational: Six weeks of total shutdown at factories in Castle Bromwich, Solihull, and Halewood, as well as plants in Slovakia and Brazil. Resumption was gradual, prioritizing high-demand models like the Range Rover. Supply chain delays affected over 200 direct suppliers, some reporting losses of up to $50 million, according to a report by the Society of Motor Manufacturers and Traders (SMMT).
  • Geopolitical: The British government summoned the Russian ambassador and announced an additional £1 billion investment in national cybersecurity. NATO also issued a statement condemning the attack and reinforcing threat intelligence cooperation. This incident could tighten sanctions against Russian entities linked to cyberattacks.
  • Sectoral: Other automakers like Toyota, Volkswagen, and Ford have announced immediate reviews of their security protocols, with additional investments estimated at $2 billion collectively by 2026. The industry is expected to adopt stricter standards, such as OT/IT network segmentation and AI-based intrusion detection systems.

What should readers know?

The JLR attack demonstrates that no sector is safe from state-sponsored cyberattacks. Companies must prioritize network segmentation, offline backups, and incident response plans. Additionally, public-private collaboration in threat intelligence is crucial to anticipate and mitigate these risks. Specifically, it is recommended to: (1) conduct supply chain security audits, (2) implement multi-factor authentication for all remote access, (3) keep systems updated and patched, especially in OT environments, and (4) establish communication channels with government agencies like the UK's National Cyber Security Centre (NCSC). For consumers, the immediate impact is vehicle delivery delays and possible price increases due to recovery costs. In the long term, this incident could catalyze stricter industrial cybersecurity regulation, similar to the EU's NIS2 directive. In summary, the JLR cyberattack is not an isolated event but a turning point that redefines the perception of cyber risk in global manufacturing.

Keep reading