
The retail industry is the second most targeted industry by ransomware

The retail industry may have been one of the few industries to record both losses and gains during the pandemic. The losses came mostly from the closure of physical outlets during lockdowns, while many retailers made up the shortfall by moving their business online.

Retailers soon found their online sales out-earning their in-store sales, and some brands decided to permanently close their physical stores or reduce their number. The retail industry survived the pandemic by moving online, but that move came with a heavy price.

As retailers moved more services online, they increased their use of, and dependence on, technology, whether by leveraging third-party sales platforms or by building their own. While this was profitable at first, the worst was just on the horizon.

For the retail industry, going online means perfecting the customer experience: the entire process, from picking a product online to paying for it, has to be seamless. Many retailers, however, fail to recognise the weaknesses in their cybersecurity when they move sales online. And it is not just online retailers that are targeted; physical retail stores have cybersecurity issues of their own to worry about.

According to Sophos’ The State of Ransomware in Retail 2022 report, retail had the second-highest rate of ransomware attacks in 2021 of all sectors surveyed, behind only media, leisure and entertainment. Globally, 77% of retail organizations surveyed were hit, a 75% rise from 2020, and 11 percentage points above the cross-sector average attack rate of 66%.

Chester Wisniewski, principal research scientist at Sophos, explained that with more than three in four retail organizations suffering an attack in 2021, a ransomware incident now falls firmly into the category of “when, not if”.

“In Sophos’ experience, the organizations that are successfully defending against these attacks are not just using layered defenses, they are augmenting security with humans trained to monitor for breaches and actively hunting down threats that bypass the perimeter before they can detonate into even bigger problems,” he commented.

Wisniewski also pointed out that this year’s survey shows only 28% of retail organizations targeted were able to stop their data from being encrypted. This indicates that a large portion of the industry needs to improve its security posture, with the right tools and appropriately trained security experts to help manage its efforts.

As the percentage of retail organizations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was US$226,044, a 53% increase over 2020 ($147,811). This was still less than one-third of the cross-sector average ($812K).

Wisniewski also suggested that, judging by the ransom amounts demanded, different threat groups are likely hitting different industries.

“Some of the low-skill ransomware groups ask for $50,000 to $200,000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more. With Initial Access Brokers (IABs) and Ransomware-as-a-Service (RaaS), it’s unfortunately easy for bottom-rung cybercriminals to buy network access and a ransomware kit to launch an attack without much effort. Individual retail stores and small chains are more likely to be targeted by these smaller opportunistic attackers,” added Wisniewski.

The report also stated that 92% of retail organizations hit by ransomware said the attack impacted their ability to operate and 89% said the attack caused their organization to lose business/revenue. At the same time, when compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organizations that got all their data back (from 9% to 5%).

In light of the survey findings, Sophos experts recommend the following best practices for organizations across all sectors. Install and maintain high-quality defenses across all points in the environment, and review security controls regularly to make sure they continue to meet the organization’s needs.

Since many retailers are still new to delivering their services online, they should harden the IT environment by searching for and closing key security gaps, such as unpatched devices, unprotected machines and RDP ports exposed to the internet.

Most importantly, they should have backups, and practice restoring them to ensure minimal disruption and recovery time.
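The restore drill the last recommendation calls for can be scripted so that it is run routinely rather than only after an incident. The following is an added example, not tooling from Sophos or the report: it packs a directory into a tar.gz backup together with a SHA-256 manifest, restores the archive into a scratch directory, checks every restored file against the manifest, and refuses archive entries that would write outside the restore directory. The sample point-of-sale files and all function and file names are constructed for illustration.

```python
"""Added example: a scripted backup restore drill with integrity verification.

Sample data, file names and function names are constructed for illustration;
this is not the article's or Sophos' own code.
"""
import hashlib
import json
import os
import tarfile
import tempfile

MANIFEST_NAME = "MANIFEST.json"  # assumed name of the hash manifest inside the archive


def _sha256(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(src_dir):
    """Map every regular file under src_dir (path relative to src_dir) to its SHA-256."""
    manifest = {}
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, src_dir)] = _sha256(full)
    return manifest


def create_backup(src_dir, archive_path):
    """Write src_dir into a tar.gz under 'data/', plus the manifest at the top level."""
    manifest = build_manifest(src_dir)
    manifest_path = os.path.join(tempfile.mkdtemp(), MANIFEST_NAME)
    with open(manifest_path, "w") as f:
        json.dump(manifest, f)
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(src_dir, arcname="data")
        tar.add(manifest_path, arcname=MANIFEST_NAME)
    return manifest


def restore(archive_path, dest_dir):
    """Extract the archive into dest_dir, rejecting entries that escape it."""
    base = os.path.realpath(dest_dir)
    with tarfile.open(archive_path, "r:gz") as tar:
        for member in tar.getmembers():
            target = os.path.realpath(os.path.join(base, member.name))
            if not target.startswith(base + os.sep):
                raise ValueError(f"unsafe path in archive: {member.name}")
        tar.extractall(dest_dir)


def verify_restored(dest_dir):
    """Compare restored files with the manifest; return (ok, list of problems)."""
    with open(os.path.join(dest_dir, MANIFEST_NAME)) as f:
        manifest = json.load(f)
    data_dir = os.path.join(dest_dir, "data")
    problems = []
    for rel, digest in manifest.items():
        path = os.path.join(data_dir, rel)
        if not os.path.isfile(path):
            problems.append(f"missing: {rel}")
        elif _sha256(path) != digest:
            problems.append(f"hash mismatch: {rel}")
    return (not problems, problems)


def restore_drill(corrupt=False):
    """Run the full drill on constructed sample data and return (ok, problems).

    With corrupt=True a restored file is tampered with after extraction so the
    check demonstrably fails, which is what a bad restore looks like in practice.
    """
    work = tempfile.mkdtemp()
    src = os.path.join(work, "pos")
    os.makedirs(os.path.join(src, "config"))
    # Constructed sample files standing in for a point-of-sale host's data.
    with open(os.path.join(src, "config", "terminal.ini"), "w") as f:
        f.write("store=0042\nregister=3\n")
    with open(os.path.join(src, "sales.csv"), "w") as f:
        f.write("2021-11-02,0042,3,19.99\n")

    archive = os.path.join(work, "pos-backup.tar.gz")
    create_backup(src, archive)

    dest = os.path.join(work, "restore")
    os.makedirs(dest)
    restore(archive, dest)
    if corrupt:
        with open(os.path.join(dest, "data", "sales.csv"), "ab") as f:
            f.write(b"X")
    return verify_restored(dest)


if __name__ == "__main__":
    print("clean restore:", restore_drill())
    print("corrupted restore:", restore_drill(corrupt=True))
```

In a real environment the manifest would be stored and signed separately from the archive, since an attacker who can encrypt the backup can also rewrite a manifest that travels with it; the drill itself, restoring to an isolated host and measuring how long it takes, is what turns “we have backups” into a known recovery time.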