The "Sophos state of Ransomware in Retail 2021" report issued by the software and hardware giant Sophos recently, examines the magnitude and consequences of ransomware attacks in the international retail sector during 2020, especially due to the ongoing Covid-19 situation - which started then started
Including the primary findings, retailers and the education industry have suffered the greatest ransomware attacks in 2020, with 44 % of firms affected (compared to 37 % across all industry sectors). It was also found that perhaps the entire price for remedying a ransomware attack was US$ 1.97 million on an estimate, compared to a cross-sectoral average of US$ 1.85 million, taking into account downtimes, people's time, equipment costs, networking cost, wasted opportunity, ransom payments, and much more.
Retailers were highly susceptible to a modest but burgeoning new trend: extortion-only attacks. Whilst such instances, programmers of ransomware don't encrypt data rather they threaten to publish stolen information online if ransom requests are not being fulfilled.
More than half (54 %) of the retail industry impacted by Ransomware stated that the attackers were able to encrypt their data. The ransom was paid by one-third (32%) of individuals whose data is encrypted. The average payment for recovery was US $147,811 (below that of the world average of US $170,404). Furthermore, individuals who have paid only retrieved two-thirds (67%) of their data on an average, which leaves a third still inaccessible; and only 9% had all their encrypted data back.
The relatively large proportion of targets affected by data theft attacks is not wholly unexpected. The service industries such as the retail sector hold data that is often subject to legal data protection legislation, and threat actors are only prepared to exploit the victims' fear of data breach fallout concerning penalties and harm to their brand image, selling and customer confidence, Wisniewski said.
“The retail sector has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data.” Chester Wisniewski, a principal research scientist at Sophos, is quoted in a press release. “The impact of the pandemic introduced additional security challenges that cybercriminals were quick to exploit.”
Researchers urge IT teams, to defend the IT networks for retailers from Ransomware and other cyber attacks, to spend resources on three key areas: the creation of comprehensive cyber threat defenses; security skill development for users, especially part-time and temporary personnel, whenever possible and investing in more robust infrastructure.
