Connect with us

Hi, what are you looking for?

HEADLINES

Retail sector top target for ransomware, data-theft extortion attacks during pandemic- Sophos

The results show how retail organizations became a prime target for ransomware during the COVID-19 pandemic, when many retailers started trading online for the first time simply in order to survive, while others saw a huge increase in their web traffic and online transactions.

Sophos published the “State of Ransomware in Retail,” which looks at the extent and impact of ransomware attacks on mid-sized retail organizations worldwide during 2020. 

The results show how retail organizations became a prime target for ransomware during the COVID-19 pandemic, when many retailers started trading online for the first time simply in order to survive, while others saw a huge increase in their web traffic and online transactions.

The survey findings reveal that retail organizations were particularly vulnerable to a small but growing new trend: extortion-only attacks, where the ransomware operators don’t encrypt files but threaten to leak stolen information online if a ransom demand isn’t paid. More than one in ten (12%) retail ransomware victims experienced this, nearly double the cross-sector average of 7%. Only the central government, at 13%, was more affected.

Other top research findings include:

Advertisement. Scroll to continue reading.
  • Retail, together with education, faced the highest level of ransomware attacks during 2020, with 44% of organizations hit (compared to 37% across all industry sectors) 
  • The total bill for rectifying a ransomware attack in the retail sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was US$1.97 million on average – compared to a cross-sector average of US$1.85 million
  • Over half (54%) of the retail organizations hit by ransomware said the attackers had succeeded in encrypting their data 
  • A third (32%) of those whose data was encrypted paid the ransom. The average ransom payment was US$147,811 (lower than the global average of US$170,404.) However, those who paid recovered on average only two-thirds (67%) of their data, leaving a third inaccessible; and just 9% got all their encrypted data back

“The retail sector has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data,” said Chester Wisniewski, principal research scientist at Sophos. “The impact of the pandemic introduced additional security challenges that cybercriminals were quick to exploit. 

“The comparatively high percentage of targets hit with data-theft based extortion attacks is not entirely surprising. Service industries such as retail hold information that is often subject to strict data protection laws, and attackers are only too willing to exploit a victim’s fear of fallout from a data breach in terms of fines and damage to brand reputation, sales and customer trust.

“It’s not all bad news for retail IT managers, however. While enabling, managing, and securing IT during the pandemic increased the overall IT workload for three quarters of retailers – the sector was also the most likely (at 77%) to see a positive return in terms of enhanced cybersecurity skills and knowledge.

“To secure retail IT networks against ransomware and other cyberattacks, we advise IT teams to focus resources on three critical areas: building stronger defenses against cyberthreats, introducing security skills training for users including part time and temporary staff, and, where possible, investing in more resilient infrastructure.” 

The Sophos State of Ransomware in Retail, 2021, survey polled 5,400 IT decision makers, including 435 retail IT managers, in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The rising rate of ransomware attacks against healthcare institutions contrasts with the declining rate of ransomware attacks across sectors; the overall rate of ransomware...

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

The all-cash transaction is valued at approximately $859 million. Sophos is backed by Thoma Bravo, a leading software investment firm.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

HEADLINES

Kaspersky has enhanced its Kaspersky Industrial CyberSecurity (KICS), a native XDR Platform for industrial enterprises, and streamlined Managed Detection and Response (MDR) for Industrial...

MOTORING

HATASU, your go-to brand for safe, sustainable, and value-for-money mobility solutions, is gearing up to make this season fang-tastic for everyone—young and old alike!

Advertisement