In the recent survey report from security firm Sophos, 77% of retail organizations were hit by ransomware globally in 2021, which is a whopping 75% increase from the previous year. This makes the retail sector experiencing the second highest ransomware attacks for the year, following media, leisure, and entertainment industry.
“With more than 3 in 4 suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if,” said Chester Wisniewski, principal research scientist, Sophos. “This year’s survey shows that only 28% of retail organizations targeted were able to stop their data from being encrypted, suggesting that a large portion of the industry needs to improve their security posture with the right tools and appropriately trained security experts to help manage their efforts.”
As the percentage of retail organizations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226,044, a 53% increase when compared to 2020 ($147,811). However, this was less than one-third of the cross-sector average ($812,000).
While the retail sector was the second most targeted industry, the perceived increase in the volume and complexity of cyberattacks against the industry were slightly below the cross-sector average (both at 55%).
“It’s likely that different threat groups are hitting different industries. Some of the low-skill ransomware groups ask for $50,000 to $200,000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more,” said Wisniewski. “With Initial Access Brokers (IABs) and Ransomware-as-a-Service (RaaS), it’s unfortunately easy for bottom-rung cybercriminals to buy network access and a ransomware kit to launch an attack without much effort. Individual retail stores and small chains are more likely to be targeted by these smaller opportunistic attackers,” said Wisniewski.
In 2021, the overall cost to retail organizations to remediate a ransomware attack was $1.27 million, down from $1.97 million in 2020.
When compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organizations that got all their data back (from 9% to 5%)
In the light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:
- Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and make sure they continue to meet the organization’s needs
- Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
- Prepare for the worst, and have an updated plan in place of a worst-case incident scenario
- Make backups, and practice restoring them to ensure minimal disruption and recovery time