Ransomware attacks retail – 75 percent more attacks

A growth rate of 75 percent may sound fantastic in the right segment, but for retail it spelled a cyber disaster last year: 77 percent of retailers fell victim to a ransomware attack, according to the latest Sophos retail ransomware report for 2022.

This puts retail in second place, behind only the leisure and media industry. But there is also good news: the average ransom retailers paid was just under a third of the cross-industry average.

Only a third pays the ransom

Sophos has published the latest industry results from its global ransomware report. The analysis "The State of Ransomware in Retail 2022" does not paint an optimistic picture for the retail sector: after the media, leisure and entertainment industry, it is the second most frequently attacked by ransomware of all the industries analyzed. A total of 77 percent of retail organizations worldwide were hit in 2021, an increase of 75 percent compared to the previous year. To put this into perspective, the cross-industry average attack rate is 66 percent.

Attacks higher than average

Chester Wisniewski, Principal Research Scientist at Sophos, comments on the results: “Retailers continue to be hit by one of the highest ransomware attack rates of any industry. With more than three out of four companies attacked in 2021, a ransomware incident falls into the 'when' category, not 'if'. Sophos has found that the organizations that successfully defend against these attacks don't just use layered defenses. They also rely on experts trained to monitor security breaches and actively track down threats from cybercriminals stalking the corporate network. This year's survey shows that only about a quarter (28 percent, versus 31 percent across industries) of the retail businesses under attack were able to prevent their data from being encrypted. This shows that a large part of the industry needs to improve its security posture with the right tools and properly trained security professionals.”

Number of ransom payments increases

State of Ransomware in Retail 2022 (Image: Sophos).

As attacks on retail businesses increase, so does the average ransom payment. In 2021 it was $226,044, an increase of 53 percent compared to 2020 ($147,811). The average across all industries, however, was $812,000, so retail paid far less than the cross-industry average. A closer look at the size of the individual ransoms explains this: more than one-fifth (22 percent) of retailers paid ransoms of less than $1,000, and more than two-thirds (70 percent) paid less than $100,000. These low payments keep the industry's average low compared to many other industries.

“Different threat groups are likely to target different industries. Some of the small, low-skill ransomware groups demand $50,000 to $200,000 in ransom payments, while the larger, more sophisticated criminals with growing visibility demand $1 million or more,” Wisniewski said.

“Unfortunately, with initial access brokers (IAB) and ransomware-as-a-service (RaaS), it's easy for low-level cybercriminals to buy network access and a ransomware kit to launch an attack with little effort. Individual shops and small chains are more likely to be targeted by these smaller, opportunistic attackers,” Wisniewski says of the attack structures.

More 2021 Retail Ransomware Study Findings:

  • While retail was the second most targeted industry, the perceived increase in the scale and complexity of cyberattacks against this segment was slightly below the industry average (55 percent).
  • 92 percent of retail businesses hit by ransomware said the attack impacted their ability to operate, and 89 percent reported a loss of business and revenue.
  • In 2021, the total cost for retail businesses to remediate a ransomware attack was $1.27 million, down from $1.97 million in 2020.
  • Compared to 2020, the amount of data recovered after paying the ransom dropped (from 67 percent to 62 percent), as did the percentage of retail businesses that got all their data back (from 9 percent to 5 percent).

Based on the survey results, Sophos experts recommend the following best practices for companies across all industries:

  • Install and maintain high-quality protections at every point in the IT ecosystem. Review security controls regularly to ensure they continue to meet organizational requirements.
  • Proactively scan for threats to identify and stop attackers before they can launch attacks. If your own team does not have the time or skills to do this, you should bring specialists such as an MDR (Managed Detection and Response) team on board.
  • Strengthen the IT environment by looking for and closing important security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose.
  • Play through the worst-case scenario and have an updated action and recovery plan ready for such an event.
  • Create backups and practice restoring them to ensure minimal disruption and recovery times.

About the State of Ransomware in Retail 2022 study

"State of Ransomware in Retail 2022" is part of the cross-industry and cross-sector State of Ransomware 2022 study, which surveyed 5,600 IT professionals in medium-sized organizations (100-5,000 employees) in 31 countries about their experiences over the past year, including 422 retail respondents.

More at Sophos.com
About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.
