Ransomware loves retail

Issue 7 2022 Retail (Industry), Information Security


Boris Cipot.

Sophos published a sectoral survey report, The State of Ransomware in Retail 2022, which found that retail had the second highest rate of ransomware attacks last year of all sectors surveyed, after the media, leisure and entertainment industry. Globally, 77% of retail organisations surveyed were hit – a 75% increase from 2020. This is also 11% more than the cross-sector average attack rate of 66%.

“Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if. In Sophos’ experience, the organisations that are successfully defending against these attacks are not just using layered defences, they are augmenting security with humans trained to monitor for breaches and actively hunting down threats that bypass the perimeter before they can ‘detonate’ into even bigger problems.

This year’s survey shows that only 28% of retail organisations targeted were able to stop their data from being encrypted, suggesting that a large portion of the industry needs to improve its security posture with the right tools and appropriately trained security experts to help manage their efforts,” said Chester Wisniewski, principal research scientist, Sophos.

As the percentage of retail organisations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226 044, a 53% increase when compared to 2020 ($147 811). However, this was less than one-third of the cross-sector average ($812 000).


“It’s likely that different threat groups are hitting different industries. Some of the low-skill ransomware groups ask for $50 000 to $200 000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more,” said Wisniewski. “With Initial Access Brokers (IABs) and Ransomware-as-a-Service (RaaS), it’s unfortunately easy for bottom-rung cybercriminals to buy network access and a ransomware kit to launch an attack without much effort. Individual retail stores and small chains are more likely to be targeted by these smaller, opportunistic attackers,” said Wisniewski.

Additional findings include:

• While the retail sector was the second most targeted industry, the perceived increase in the volume and complexity of cyberattacks against the industry were slightly below the cross-sector average.

• 92% of retail organisations hit by ransomware said the attack impacted their ability to operate, and 89% said the attack caused their organisation to lose business/revenue.

• In 2021, the overall cost to retail organisations to remediate a ransomware attack was $1,27 million, down from $1,97 million in 2020.

• When compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organisations that got all their data back (from 9% to 5%).


In the light of the survey findings, Sophos experts recommend the following best practices for all organisations across all sectors:

• Install and maintain high-quality defences across all points in the environment. Review security controls regularly and make sure they continue to meet the organisation’s needs.

• Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a managed detection and response (MDR) team.

• Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose.

• Prepare for the worst, and have an updated plan in place for a worst-case incident.

• Make backups and practice restoring them to ensure minimal disruption and recovery time.

To learn more about the State of Ransomware in Retail 2022, download the full report from www.sophos.com




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

Read more...
Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

Read more...
AI augmentation in security software and the resistance to IT
Security Services & Risk Management Information Security
The integration of AI technology into security software has been met with resistance. In this, the first in a series of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.

Read more...
Milestone Systems joins CVE programme
Milestone Systems News & Events Information Security
Milestone Systems has partnered with the Common Vulnerability and Exposures (CVE) Programme as a CVE Numbering Authority (CNA), to assist the programme to find, describe, and catalogue known cybersecurity issues.

Read more...
Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Read more...
Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Read more...
Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Read more...