Ransomware loves retail

Issue 8 2022 Retail (Industry)

Sophos published a sectoral survey report, The State of Ransomware in Retail 2022, which found that retail had the second highest rate of ransomware attacks last year of all sectors surveyed, after the media, leisure and entertainment industry. Globally, 77% of retail organisations surveyed were hit – a 75% increase from 2020. This is also 11% more than the cross-sector average attack rate of 66%.

“Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if. In Sophos’ experience, the organisations that are successfully defending against these attacks are not just using layered defences, they are augmenting security with humans trained to monitor for breaches and actively hunting down threats that bypass the perimeter before they can ‘detonate’ into even bigger problems.

This year’s survey shows that only 28% of retail organisations targeted were able to stop their data from being encrypted, suggesting that a large portion of the industry needs to improve its security posture with the right tools and appropriately trained security experts to help manage their efforts,” said Chester Wisniewski, principal research scientist, Sophos.

As the percentage of retail organisations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226 044, a 53% increase when compared to 2020 ($147 811). However, this was less than one-third of the cross-sector average ($812 000).

“It’s likely that different threat groups are hitting different industries. Some of the low-skill ransomware groups ask for $50 000 to $200 000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more,” said Wisniewski. “With Initial Access Brokers (IABs) and Ransomware-as-a-Service (RaaS), it’s unfortunately easy for bottom-rung cybercriminals to buy network access and a ransomware kit to launch an attack without much effort. Individual retail stores and small chains are more likely to be targeted by these smaller, opportunistic attackers,” said Wisniewski.

Additional findings include:

• While the retail sector was the second most targeted industry, the perceived increase in the volume and complexity of cyberattacks against the industry were slightly below the cross-sector average.

• 92% of retail organisations hit by ransomware said the attack impacted their ability to operate, and 89% said the attack caused their organisation to lose business/revenue.

• In 2021, the overall cost to retail organisations to remediate a ransomware attack was $1,27 million, down from $1,97 million

in 2020.

• When compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organisations that got all their data back (from 9% to 5%).

In the light of the survey findings, Sophos experts recommend the following best practices for all organisations across all sectors:

• Install and maintain high-quality defences across all points in the environment. Review security controls regularly and make sure they continue to meet the organisation’s needs.

• Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a managed detection and response (MDR) team.

• Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose.

• Prepare for the worst, and have an updated plan in place for a worst-case incident.

• Make backups and practice restoring them to ensure minimal disruption and recovery time.

To learn more about the State of Ransomware in Retail 2022, download the full report from www.sophos.com


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Sophos to acquire Secureworks
Sophos News & Events
Combining complementary AI-driven security platforms powered by automated prevention, detection and response, the two organisations can deliver advanced solutions for defeating modern, persistent adversaries even faster.

Read more...
The future of retail security?
Retail (Industry) Surveillance AI & Data Analytics
South Africa experienced a 20% increase in shoplifting between 2022 and 2023, with the Western Cape and Gauteng seeing the highest spikes in this form of crime. The figures underscore the urgent need for enhanced security solutions to address the growing challenge.

Read more...
South African organisations enhance cyber resilience with strategic cyber insurance
Sophos Information Security
Sophos has released the findings of a new study that highlighted the increasing integration of cyber insurance into the risk management strategies of South African organisations.

Read more...
Level of RDP abuse unprecedented
Sophos News & Events
Cybercriminals abused Remote Desktop Protocol (RDP) in 90% of attacks handled by Sophos Incident Response in 2023, Sophos’ newest Active Adversary Report finds. External remote services were the number-one way attackers’ initially breached networks.

Read more...
Navigating South Africa's cybersecurity regulations
Sophos Information Security Infrastructure
[Sponsored] Data privacy and compliance are not just buzzwords; they are essential components of a robust cybersecurity strategy that cannot be ignored. Understanding and adhering to local data protection laws and regulations becomes paramount.

Read more...
The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

Read more...
Reinforcing cyber defences in a world of evolving threats
Sophos Information Security
[Sponsored Content] In South Africa, the urgency to amplify cybersecurity measures is underscored by alarming statistics revealing the continued vulnerability of organisations to ransomware and other sophisticated cyberattacks.

Read more...
Helping retailers optimise monitoring and security
Guardian Eye Retail (Industry) Surveillance
From a smart retail perspective, it is crucial to understand that monitoring stock and other assets through camera surveillance and a variety of Internet of Things (IoT) sensors stretches further than the stores themselves.

Read more...
The right security solution removes the opportunity
Asset Management Retail (Industry)
South African retailers are facing a multitude of challenges, including economic fluctuations, changing consumer behaviour, increased competition, supply chain disruptions, regulatory changes and the need to adapt to digital transformation, not to mention theft.

Read more...
[Sponsored] Protecting Against Ransomware Attacks: Lessons from Recent POPIA Fine
Sophos Information Security Security Services & Risk Management
According to Sophos' most recent ransomware report, an alarming 78% of the South African organisations that Sophos surveyed experienced ransomware attacks in the past year.

Read more...