Today, close to only one in four retail companies (26%) are able to disrupt a ransomware attack before their data can be encrypted. Two years ago, that figure was closer to one out of three (34%). That’s one of many findings in the Sophos State of Ransomware in Retail 2023 report.
In addition, the report found that, for those retail organizations that paid the ransom, their median recovery costs (not including the ransom payment) were four times the recovery costs of those that used backups to recover their data ($3,000,000 versus $750,000).
The Good, the Bad, the Ugly
First, the good news: the percentage of retail organizations attacked by ransomware declined from 77% last year to 69% this year. But this statistic offers cold comfort.
Now the bad: while the rate of ransomware attacks is down, the rate of data encryption is now at its highest in three years, with 71% of attacks resulting in data encryption.
In 21% of attacks in retail where data was encrypted, data was also stolen. This “double extortion” approach by adversaries is becoming more commonplace as they threaten to publicize stolen data unless a ransom payment is made. The high frequency of data theft increases the importance of stopping attacks as early as possible before information can be exfiltrated.
Yes, 97% of retail victims were able to recover their encrypted data, the same as the global average. Over two-thirds of them (68%) relied on backups to get back into business. But 43% of retailers chose to pay the ransom. And two-thirds of those that paid up (68%) reported payments of $1M or more. Those paying $100,000 or less amounted to only 6% of those paying ransom, down from 70% in last year's report.
Keep Calm and Know Your Enemy
So, how do cyber attackers break in?
The Sophos study found the same litany of root causes. System vulnerabilities were exploited in 41% of ransomware attacks, compromised credentials were used in 22% of attacks, and malicious e-mails or phishing were used to stage another third of attacks.
Yet despite these bleak numbers, retailers are not without the means to build their stout defenses.
Sophos recommends that organizations operate with good "security hygiene," including timely patching, regularly installing security patches, and reviewing their security tool configurations. Retailers should also back up their data regularly, practicing restoring data from backups and maintaining an incident response plan.
But the best defense is a multi-layered approach for the broadest range of protection. Sophos Managed Detection and Response (MDR) and incident response services reliably detect and neutralize active threats before damage is done. These services are backed by a 24/7/365 team of global security experts who have seen and stopped it all.
Download the State of Ransomware in Retail 2023 report to learn how to address retail cyberattacks and ensure your customers are well prepared.