The latest Sophos research, the State of Ransomware in Retail, explores the extent and impact of ransomware attacks on mid-sized retail organizations globally in 2020.
The results show how retail organizations became a prime target for ransomware during the COVID-19 pandemic when many retailers started trading online for the first time simply in order to survive, while others saw a huge increase in their web traffic and online transactions.
The survey findings reveal that retail organizations were particularly vulnerable to a small but growing new trend: extortion-only attacks, where the ransomware operators don’t encrypt files but threaten to leak stolen information online if a ransom demand isn’t paid. More than one in ten (12 per cent) retail ransomware victims experienced this, nearly double the cross-sector average of 7 per cent. Only central government, at 13 per cent, was more affected. Other top research findings include:
• Retail, together with education, faced the highest level of ransomware attacks during 2020, with 44 per cent of organizations hit (compared to 37 per cent across all industry sectors)
• The total bill for rectifying a ransomware attack in the retail sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was USD 1.97 million on average, compared to a cross-sector average of USD 1.85 million
• Over half (54 per cent) of the retail organizations hit by ransomware said the attackers had succeeded in encrypting their data
• A third (32 per cent) of those whose data was encrypted paid the ransom. The average ransom payment was USD 147,811 (lower than the global average of USD 170,404). However, those who paid recovered on average only two-thirds (67 per cent) of their data, leaving a third inaccessible, and just 9 per cent got all their encrypted data back
“The retail sector has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data,” said Chester Wisniewski, principal research scientist at Sophos.
The impact of the pandemic introduced additional security challenges that cybercriminals were quick to exploit. The comparatively high percentage of targets hit with data-theft-based extortion attacks is not entirely surprising. Service industries such as retail hold information that is often subject to strict data protection laws, and attackers are only too willing to exploit a victim’s fear of fallout from a data breach in terms of fines and damage to brand reputation, sales and customer trust.
It’s not all bad news for retail IT managers, however. While enabling, managing, and securing IT during the pandemic increased the overall IT workload for three quarters of retailers – the sector was also the most likely (at 77 per cent) to see a positive return in terms of enhanced cybersecurity skills and knowledge.
“To secure retail IT networks against ransomware and other cyberattacks, we advise IT teams to focus resources on three critical areas: building stronger defenses against cyberthreats, introducing security skills training for users including part time and temporary staff, and, where possible, investing in more resilient infrastructure.”
The Sophos State of Ransomware in Retail, 2021, survey polled 5,400 IT decision-makers, including 435 retail IT managers, in 30 countries across Europe, the Americas, Asia-Pacific, and Central Asia, the Middle East, and Africa.
If you’d like to speak to one of our experts about the impact of ransomware on retailing and what defenders can do to enhance security, or about ransomware in general, please get in touch.
• Tactics, techniques and procedures (TTPs), and more, for different types of ransomware can be found on SophosLabs Uncut, the home of Sophos’ latest threat intelligence
• Information on attacker behaviors, incident reports, and advice for security operations professionals can be found on Sophos News SecOps
• Understand adversary behaviors and TTPs in the wild in Sophos’ Active Adversary Report 2021
• Learn more about the global prevalence and impact of ransomware in the State of Ransomware 2021
• To help stop ransomware attacks, read the five early indicators an attacker is present
• Learn more about Sophos’ Rapid Response service that contains, neutralizes, and investigates attacks 24/7
• The four top tips for responding to a security incident from Sophos Rapid Response and the Managed Threat Response Team