TL;DR: Threat intelligence firm Resecurity published new analysis on the Anubis ransomware attack on the Adriatic Port Authority (Italian port of Ancona) - a $10M bitcoin ransom demand that halted cargo tracking, shipping schedules, and customs processing, per Infosecurity Magazine. Combined with the June 12, 2026 cyberattack on Mackay Sugar and IBM X-Force 2026 data showing manufacturing is the #1 cyber-target sector for the fifth consecutive year at 27.7% of incidents, the message for NC manufacturers is direct: OT-side compromise is now the default ransom path, not an edge case.
Key takeaway: Operational technology - plant floor PLCs, SCADA, MES, cargo tracking, energy management - is no longer the attacker's secondary target; it is the primary leverage. NC manufacturers running flat networks where IT and OT share a routing path are next on the list. The defense is segmentation, identity, and a tested IRP - not a new firewall logo.
Need an OT/IT integration security review before the next ICS-targeted ransomware lands? Preferred Data Corporation runs managed cybersecurity and OT/IT integration for NC manufacturers since 1987. Call (336) 886-3282 or book an OT security review.
What happened with Anubis and the Adriatic Port Authority?
Per Industrial Cyber, the Anubis ransomware group targeted the Adriatic Port Authority (which operates the Italian port of Ancona). The attack chain began with a spear-phishing email, followed by lateral movement across the network exploiting unpatched vulnerabilities and privilege escalation. Attackers encrypted systems supporting cargo tracking, shipping schedules, and customs processing, and exfiltrated sensitive contracts and employee records.
Three facts an NC SMB manufacturer should write down:
- $10 million bitcoin ransom inside a 7-day window. Per Infosecurity Magazine, Anubis demanded $10M and threatened to publish stolen data if payment was not made within seven days. The aggressive timeline is the new normal for high-impact OT attacks.
- Real-world operational disruption: vessels rerouted to alternative ports. The port was unable to process incoming and outgoing shipments, forcing rerouting and disrupting normal cargo operations with millions of dollars in economic losses. That is the operational signature of an OT-side ransomware impact - the customer-facing service stops, not just the email server.
- Spear-phishing → lateral movement → OT encryption. The kill chain is the same one NC manufacturers face: a single inbox compromise enables east-west movement onto the flat network, then deployment into the OT segment that runs the line.
For NC manufacturers in High Point with MES on the plant network, NC distributors in Greensboro with warehouse management systems controlling shipping and labels, NC construction firms in Charlotte with jobsite IoT controllers, and NC healthcare practices managing biomedical devices - the Anubis playbook scales down to any OT-connected operation.
What does the broader manufacturing cyber data say in 2026?
Manufacturing is the #1 attacked sector for the fifth consecutive year, per IBM X-Force's 2026 Threat Intelligence Index - 27.7% of all cybersecurity incidents observed by X-Force in 2025 targeted manufacturers. The trend matters because the attacker investment compounds: the more manufacturers pay (or the more business they disrupt), the more affiliates pile into the sector.
| Manufacturing Cyber Data Point | 2026 Value | Source |
|---|---|---|
| Manufacturing share of cyber incidents | 27.7% (#1 sector, 5th year) | IBM X-Force 2026 |
| Ransomware share of SMB breaches | 88% | Verizon DBIR coverage |
| Mean attacker dwell time in OT | Increasing per industry data | Industrial Cyber |
| Primary initial access vector | Stolen credentials + VPN exploits + remote access tools | Industry composites |
| Anubis Adriatic Port ransom demand | $10M bitcoin / 7 days | Infosecurity |
The June 12, 2026 Mackay Sugar cyberattack - per Industrial Cyber - exposed the same pattern in the agricultural-industrial sector: a cyber incident that disrupted operations, not just business systems. The shift from "data theft" to "operational disruption" is now the dominant attacker motive in industrial settings.
Quotable definition: OT-targeted ransomware is the 2026 evolution of double-extortion ransomware. The attacker does not just encrypt and exfiltrate; they target the plant floor, the cargo tracker, the energy management system, or the SCADA so the operational impact is the leverage. The ransom is paid not for the data - it is paid to restart the line.
For NC manufacturers running a single VLAN that mixes office, ERP, MES, and PLC traffic - "flat networks" in the 2010 design tradition - the Anubis pattern requires only one inbox compromise to land on the line.
What does an OT-defense maturity model look like for NC SMBs?
Maturity progresses through four states. NC manufacturers should self-assess against this scale and identify the next step.
| OT Maturity Tier | Description | NC SMB Reality |
|---|---|---|
| Tier 0 - Flat | Office + ERP + OT on same VLAN, shared AD | Most legacy NC shops |
| Tier 1 - Logical | VLANs separate IT and OT, shared identity | Mid-tier NC manufacturers |
| Tier 2 - Segmented | Firewall between IT and OT, monitored east-west, OT identity separate | Modernized NC manufacturers |
| Tier 3 - Zero Trust OT | Identity per asset, micro-segmentation, continuous verification | NC defense / aerospace contractors |
The realistic NC SMB goal in 2026 is to move from Tier 0 / Tier 1 to Tier 2 inside 12-18 months. Tier 2 is enough to break the Anubis-style kill chain - an inbox compromise on the IT side does not give the attacker default east-west access into the PLC / SCADA / MES segment.
What should an NC SMB manufacturer do this quarter about OT security?
Run a five-step plan inside 90 days. The IBM X-Force data shows manufacturing is the consistent #1 target; the Anubis case shows the ransom mechanics work; the Mackay Sugar incident shows the impact on operational continuity.
- Inventory OT assets (this month). Pull a list of every device on every plant-floor VLAN: PLCs, HMIs, SCADA, MES servers, historian, OPC UA gateways, cameras, industrial controllers. The first surprise in most NC SMB audits is the count of devices nobody documented.
- Segment IT from OT (this month). Even a basic firewall between the office network and the plant network breaks the default attacker move from Tier 0 to Tier 1. Document the firewall rules; default deny east-west; allow only the documented protocols (Modbus, EtherNet/IP, OPC UA) on documented paths.
- Tighten remote access (this month). Vendor remote access to PLCs, HMIs, and SCADA is the second-most-common entry vector. Replace VPNs with brokered remote-access tools (Claroty xDome Secure Access, Dispel, Cyolo, BeyondTrust PRA), enforce phishing-resistant MFA, log every session, and time-box every vendor connection.
- Deploy OT monitoring (this quarter). Passive OT monitoring (Claroty, Nozomi, Dragos, Tenable.ot) provides visibility into east-west OT traffic without disrupting the line. Even a single passive sensor at the IT/OT boundary surfaces unauthorized east-west attempts within hours, not days.
- Run an OT-specific tabletop (this quarter). Most NC SMB Incident Response Plans contemplate office and email scenarios, not "the PLC stopped responding because we are encrypted." A tabletop with operations, maintenance, IT, leadership, counsel, and the insurance carrier surfaces the gaps before the live event.
Key takeaway: NC manufacturers do not need a Fortune 500 OT security budget to break the Anubis-style kill chain. Inventory + segmentation + brokered remote access + passive monitoring is the 90-day playbook that moves a NC shop from Tier 0 to Tier 2 - and that maturity step is what stops the inbox compromise from landing on the line.
Need an OT security maturity assessment scoped to your NC plant? Call (336) 886-3282 or book an OT security review.
How does Preferred Data Corporation help NC manufacturers harden OT?
PDC runs managed IT, OT/IT integration, and managed cybersecurity for NC manufacturers since 1987. We bring three things to the June 2026 OT-cyber moment:
- OT/IT integration services: OT asset inventory, IT/OT segmentation design (Purdue model), brokered remote access deployment, OT monitoring sensor rollout, and ICS / SCADA security baseline reviews aligned to ISA / IEC 62443.
- Managed cybersecurity services: Manufacturing-grade Incident Response Plan design with OT tabletops, vendor-remote-access governance, OT-aware EDR / XDR, and CMMC-aligned controls for defense supply chain NC manufacturers.
- Network infrastructure services: Manufacturing-grade firewall design (Fortinet, Palo Alto, Cisco), VLAN architecture, plant-floor wireless that does not bridge IT and OT, and SD-WAN that segregates production traffic from corporate traffic.
For NC manufacturers in High Point and the Piedmont Triad, NC distributors in Greensboro and Winston-Salem, NC industrial supply firms in Charlotte and the Research Triangle, and NC defense-supply-chain contractors - the OT cyber risk is no longer hypothetical. The Anubis case demonstrates the ransom mechanics; the IBM data demonstrates the targeting; the Mackay Sugar case demonstrates the operational impact. The work this quarter decides whether the next ICS event is a controlled drill or a Tuesday-morning shutdown.
Need an OT-cyber maturity assessment before Q4 2026? Call (336) 886-3282 or book an OT security review.
Frequently Asked Questions
Who is Anubis and what did they hit?
Anubis is a ransomware group that targeted the Adriatic Port Authority operating the Italian port of Ancona, per Industrial Cyber. The attack encrypted systems supporting cargo tracking, shipping schedules, and customs processing, forcing vessels to reroute and disrupting cargo operations. Anubis demanded a $10M bitcoin ransom inside a 7-day window with threats of data publication.
Why is manufacturing the #1 cyber-target sector in 2026?
Because the operational leverage is highest there, and because manufacturers historically underinvested in OT security. Per IBM X-Force 2026, manufacturing accounted for 27.7% of incidents observed in 2025 - the fifth consecutive year at #1. A manufacturer that loses MES, SCADA, or cargo tracking stops shipping; the operational impact is direct, immediate, and ransom-pay incentive-aligned.
What is the difference between IT and OT for an NC SMB?
IT is the office network: laptops, M365, SharePoint, the ERP front-end. OT is the plant floor: PLCs, HMIs, SCADA, MES, historians, industrial wireless, vendor remote-access. The classic NC SMB problem is "flat networks" where IT and OT share routing - which means a phishing-driven inbox compromise on the IT side gives the attacker default east-west access to the plant floor.
What is the Purdue model for OT?
The Purdue Enterprise Reference Architecture (PERA) is the industry-standard model for OT segmentation, with levels 0-5 from physical sensors to enterprise IT. The NC SMB version is simpler: separate office (IT) from plant floor (OT) with a firewall, allow only documented protocols across the boundary, and enforce identity-aware remote access from the IT side into the OT side. ISA / IEC 62443 is the corresponding security standard.
How long does an OT security assessment take for an NC manufacturer?
A typical NC SMB manufacturer (50-200 employees, single plant) sees a 3-4 week OT security assessment: week 1 for asset inventory and network discovery, week 2 for current-state segmentation and remote-access review, week 3 for risk register and prioritized remediation, week 4 for the rollout plan and budget. Mid-market NC manufacturers (200-1000 employees, multi-site) run 6-8 weeks because the plant count drives the scope.
Should NC manufacturers buy OT-specific monitoring tools?
For Tier 2 maturity and above, yes. Passive OT monitoring (Claroty, Nozomi, Dragos, Tenable.ot) surfaces unauthorized east-west traffic, vendor remote-access anomalies, and PLC configuration changes that traditional IT monitoring misses. The tooling is a measurable line item, not an unbounded budget - PDC scopes the sensor count and license cost to the NC SMB's plant footprint and integrates the alerts into the existing managed cybersecurity workflow.
Related Resources
- OT/IT Integration Services - Segmentation and ICS security
- Managed Cybersecurity Services - OT-aware EDR / XDR and IRP
- Network Infrastructure Services - Manufacturing-grade firewall design
- NightSpire Ransomware Hits Manufacturers: NC SMB Defense - Companion manufacturer ransomware analysis
- AI Cyber Threats Manufacturers Defense Guide NC - Companion manufacturing cyber guide
- Contact Preferred Data Corporation - OT security review for NC manufacturers