A recent survey report released by Sophos, a global leader in next-generation cybersecurity, showed that global retail organisations had the second highest rate of ransomware attacks last year.
According to the report, globally, 77 per cent of retail organisations surveyed were hit last year, which was a 75 per cent increase from 2020, and 11 per cent more than the cross-sector average attack rate of 66 per cent.
Analysing the report, the Principal Research Ccientist at Sophos, Chester Wisniewski, said: “Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if. In Sophos’ experience, the organisations that are successfully defending against these attacks are not just using layered defenses, they are augmenting security with humans trained to monitor for breaches and actively hunting down threats that bypass the perimeter before they can detonate into even bigger problems.
“This year’s survey shows that only 28 per cent of retail organisations targeted were able to stop their data from being encrypted, suggesting that a large portion of the industry needs to improve their security posture with the right tools and appropriately trained security experts to help manage their efforts.”
As the percentage of retail organizations attacked by ransomware increased, so did the average ransom payment, the report further said, adding that in 2021, the average ransom payment was $226,044, a 53 per cent increase when compared to $147,811 in 2020. The report however said that this was less than one-third the cross-sector average at $812K.
“It’s likely that different threat groups are hitting different industries. Some of the low-skill ransomware groups ask for $50,000 to $200,000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more.
“With Initial Access Brokers (IABs) and Ransomware-as-a-Service (RaaS), it’s unfortunately easy for bottom-rung cybercriminals to buy network access and a ransomware kit to launch an attack without much effort. Individual retail stores and small chains are more likely to be targeted by these smaller opportunistic attackers,” Wisniewski said.
The report said 92 per cent of retail organisations hit by ransomware said the attack impacted their ability to operate and 89 per cent said the attack caused their organisation to lose business and revenue