Retail cyberattacks are down. But recovery is more expensive.
That was one of many findings in the Sophos “State of Ransomware in Retail” report for 2024. The Sophos report outlines the entire victim journey, from root causes and attack rates to operational impacts and business outcomes.
Only 45 percent of retailers surveyed were hit by ransomware, down from 69 percent in the previous year. But the threat actors were more ruthless. Nine in ten retailers reported that the cybercriminals went after the backups during the attack, and almost half of those attacks were successful.
To Pay or Not to Pay?
Typically, two-thirds of the retailers surveyed said they prefer to restore encrypted data from backups. However, six out of ten said they paid the ransom to regain their data. Over one-third of retailers (39%) that had data encrypted used more than one method to get their data back. This rate is more than double the rate shown in the 2023 report (16%). Those organizations were twice as likely to pay the ransom to recover encrypted data.
Threat actors don’t always get what they ask for. Last year, the average retailer ransom was $3 million. Now, it is more like $950,000. About half the respondents paid less than the amount demanded. Another third paid what was asked. And an unlucky 14 percent paid more.
Unfortunately, the cost of recovering from a ransomware attack has gone up. Retailers paid an average of $2.73 million to recover from an attack, up from $1.85 million reported last year. The time it takes to recover has also gone up. In 2023, 52 percent of retailers were back in business in less than a week. That figure is now 46 percent. Another 28 percent of victims needed more than a month to recover, up from 21 percent.
Then Plan and Prepare
As adversaries continue to iterate and evolve their attacks, defenders and their cyber defenses must keep pace.
To keep your customers safe, start with prevention: patch vulnerabilities, use multi-factor authentication, and train staff to spot attacks. The easiest attack to thwart is the one that does not happen. Next, move to protection: secure endpoints, email, and firewalls.
Then, detect and respond. Speed is of the essence. The sooner the cyberattack can be spotted, the greater the chance it can be neutralized and remediated before backups are compromised or data is encrypted. Also, plan and prepare. A well-practiced incident response plan will help the business defend against an attack and recover sooner.
Sophos MDR is a fully managed, 24/7 service delivered by experts who detect and respond to cyberattacks targeting your retail customers' computers, servers, networks, cloud workloads, email accounts, and more. Deliver unparalleled cybersecurity outcomes with lower TCO, better protection, improved productivity, and customer satisfaction.
Download the report to explore the full findings.