Main target of ransomware and data theft in the pandemic year 2020: 63 percent of retail companies in DACH were affected by ransomware. A Sophos study puts the average total cost per attack in DACH at 1.2 million euros.
Sophos has published detailed results of a global survey entitled “State of Ransomware in Retail”. The new report describes the extent and impact of ransomware attacks on medium-sized retail companies worldwide in 2020, with comparisons across countries and regions.
New trend: publication of stolen data
One finding is that retail businesses became a prime target for ransomware attacks during the COVID-19 pandemic, just when many were first getting into online trading. The results also show that retailers are particularly vulnerable to a growing new trend: pure extortion attacks, in which the ransomware gangs do not encrypt files but threaten to publish stolen information online if a ransom is not paid. At 12 percent worldwide (DACH 23 percent), more than one in ten ransomware victims in retail were affected by this type of attack, almost twice as many as the cross-sector average of 7 percent worldwide (DACH 10 percent).
Other important research results
- Retail, along with education, has been hardest hit by ransomware attacks. 44 percent (DACH 63 percent) of retail companies were victims of an attack compared to 37 percent (DACH 48 percent) in all industries.
- The total cost of remedying a ransomware attack in retail, taking into account downtime, personnel time, device costs, network costs, lost business opportunities, ransom paid, etc., averaged 1.67 million euros (DACH 1.2 million euros), compared to a cross-industry average of 1.57 million euros (DACH 2.36 million euros).
- At 54 percent (DACH 50 percent), more than half of the retail companies affected by ransomware stated that the attackers had succeeded in encrypting their data.
- A third (32 percent worldwide; DACH 18 percent) of the retail companies whose data was encrypted paid the ransom. The average ransom payment worldwide was 125,669 euros. In DACH, the average payment was only 9,210 euros - the lowest amount ever. However, those who paid were only able to restore an average of two-thirds (67 percent worldwide; DACH 85 percent) of their data; only 9 percent worldwide received all encrypted data back.
“Retail has always been an attractive target for cybercriminals because of its complex and distributed IT environments that include a variety of connected point-of-sale devices, employ a relatively volatile and non-tech-savvy workforce, and have access to a variety of personal and financial customer data,” says Chester Wisniewski, Principal Research Scientist at Sophos.
Additional security challenges
“The effects of the pandemic created additional security challenges that cybercriminals are quick to exploit. The comparatively high percentage of blackmail attacks based on data theft in retail is not entirely surprising. Service industries like retail have information that is often subject to stringent data protection laws. The attackers then exploit victims' fear of the consequences of a data breach in the form of fines and damage to brand reputation, sales and customer trust. For retail IT managers, however, it's not all bad news. It is true that the pandemic led to an increased burden on IT for three quarters of retailers. However, with 77 percent (DACH 80 percent), this sector was most likely to draw a positive balance in terms of improved cybersecurity skills and knowledge.”
Retail must protect itself better
To protect retail IT networks from ransomware and other cyber attacks, Sophos experts advise IT teams to focus their resources on three critical areas: building stronger defenses against cyber threats, introducing security training for users, including part-time and temporary workers, and investing more in a resilient IT infrastructure. For the "State of Ransomware in Retail" study, 5,400 IT decision-makers, including 345 IT managers in retail, were surveyed in 30 countries in Europe, North and South America, the Asia-Pacific region, Central Asia, the Middle East and Africa.