Are Retailers Ready for Holiday Season Ransomware?

Nov 24, 2021 | 3 mins

Credit: DGLimages

Retail has a ransomware problem. While almost every sector has been plagued over the past year by ransomware (malicious software that locks access to systems and encrypts data so that users cannot reach it), retail is a particularly hard-hit vertical. In just the last few weeks, we have seen ransomware attacks against MediaMarkt, Europe’s largest consumer electronics retailer, and Diamond Comic Distributors, a top middleman for delivering many types of comics, including Marvel, to retail stores.

With the holidays now quickly approaching, it is a good time for organizations in retail to assess whether or not they are ready if they are hit by such an attack. With supply chains already disrupted by other factors, and customer demand at its highest level of the year, an attack could have devastating consequences for a retail organization.

A survey from Sophos of 435 IT decision makers examined the current state of ransomware in the retail sector and found 44% of retail organizations were hit by ransomware in the last year. This compares to the global average of 37% among other sectors. Retail, together with education, was the sector most hit by ransomware in 2020.

Ransomware gangs saw an opportunity amid new, increased online shopping habits during the pandemic and pounced. The survey found 54% of organizations hit by ransomware said the cybercriminals succeeded in encrypting their data in the most significant attacks, and 32% of those whose data was encrypted paid the ransom to get their data back. However, paying the ransom literally does not pay, as those who paid the ransom got back just 67% of their data on average, leaving almost a third of the data inaccessible.

The average bill for rectifying a ransomware attack in the retail sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was US$1.97 million.

If you haven’t already, now is the time for retail organizations to assess their security posture and have a plan to guard against – and recover from – ransomware attacks. If you don’t have a malware recovery plan in place, it is time to create and test one. Knowing how you will respond to an attack will go a long way toward avoiding high financial costs, pain, and disruption. As noted earlier, paying the ransom is not a response plan. It can often lead to reputational costs and does not guarantee access to hostage data.

Any response plan should include maintaining backups, because you will need them in the event of an attack. Backups are the number one method organizations used to get their data back after an attack. Sophos recommends the rule of “3-2-1” for backups. You should have at least three different copies; the one you are using now plus two or more spares. One copy should be stored offline and preferably offsite where the bad actors can’t access it.
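The 3-2-1 rule and the "test your plan" advice above can both be turned into a routine check. The script below is an added example, not part of the article or a Sophos tool: it evaluates a constructed backup inventory against the rule (three copies, at least one offline, offsite as a recommendation) and runs a restore test that compares restored bytes against the digest recorded at backup time. It also checks the "2" of 3-2-1, two different media types, which is the standard reading of the rule and goes slightly beyond what the article spells out. The `BackupCopy` fields, inventory names and order export are all assumptions for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One copy of a backup set, as an operator would record it in an inventory (assumed schema)."""
    name: str
    media: str        # storage type, e.g. "disk", "tape", "object-storage"
    offline: bool     # True if unreachable from the production network
    offsite: bool     # True if held at a different physical location
    sha256: str       # digest recorded when the copy was written


def check_3_2_1(copies):
    """Evaluate a backup inventory against the 3-2-1 rule.

    Returns (failures, warnings): failures break the rule itself,
    warnings cover the article's "preferably offsite" advice.
    """
    failures, warnings = [], []
    if len(copies) < 3:
        failures.append(f"only {len(copies)} copies; need at least 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        failures.append(f"all copies on one media type ({', '.join(sorted(media)) or 'none'})")
    if not any(c.offline for c in copies):
        failures.append("no offline copy; a network-reachable backup can be encrypted too")
    if not any(c.offsite for c in copies):
        warnings.append("no offsite copy; a site-wide incident would take every copy")
    return failures, warnings


def is_compliant(copies):
    failures, _ = check_3_2_1(copies)
    return not failures


def verify_restore(copy, restored_bytes):
    """Restore test: bytes read back from a copy must hash to the digest recorded at backup time."""
    return hashlib.sha256(restored_bytes).hexdigest() == copy.sha256


# Constructed sample data (not from the article): a small order export and its digest.
ORDERS_EXPORT = b"order_id,sku,qty\n1001,SKU-42,3\n1002,SKU-7,1\n"
ORDERS_DIGEST = hashlib.sha256(ORDERS_EXPORT).hexdigest()

# An inventory that satisfies the rule: production disk, an object-storage
# replica at another site, and a tape that has been taken offline and offsite.
GOOD_INVENTORY = [
    BackupCopy("nas-primary", "disk", offline=False, offsite=False, sha256=ORDERS_DIGEST),
    BackupCopy("cloud-replica", "object-storage", offline=False, offsite=True, sha256=ORDERS_DIGEST),
    BackupCopy("tape-weekly", "tape", offline=True, offsite=True, sha256=ORDERS_DIGEST),
]

# Three copies, but all on network-attached disk in the same building:
# ransomware that reaches the network can encrypt every one of them.
BAD_INVENTORY = [
    BackupCopy("nas-primary", "disk", offline=False, offsite=False, sha256=ORDERS_DIGEST),
    BackupCopy("nas-mirror", "disk", offline=False, offsite=False, sha256=ORDERS_DIGEST),
    BackupCopy("server-share", "disk", offline=False, offsite=False, sha256=ORDERS_DIGEST),
]


if __name__ == "__main__":
    for label, inv in (("good", GOOD_INVENTORY), ("bad", BAD_INVENTORY)):
        failures, warnings = check_3_2_1(inv)
        print(label, "compliant" if not failures else failures, warnings)
    # A restore test catches a silently damaged copy before you need it in an incident.
    print("restore ok:", verify_restore(GOOD_INVENTORY[2], ORDERS_EXPORT))
    print("restore ok:", verify_restore(GOOD_INVENTORY[2], ORDERS_EXPORT + b"garbage"))
```

The point of the second inventory is that "three copies" alone is not the rule: copies that share one network and one media type fail together, which is exactly the scenario in which a retailer ends up paying a ransom. Running the restore check on a schedule, rather than only at recovery time, is what "test your plan" means in practice.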

Also, use layered protection to block attackers at as many points as possible across your environment. Further, because ransomware gangs increasingly run their targeted attacks hands-on, with human operators rather than fully automated malware, it is harder to detect them with tools alone. Protection now requires both anti-ransomware technology and human-led threat hunting. Human experts are able to recognize the tactics that indicate a skilled attacker is attempting to breach an environment. If you don’t have the skills in-house, enlist the support of a specialist cybersecurity company.

Read more about how ransomware is impacting retail in Sophos’ new report on the state of ransomware.