Retail had the second highest rate of ransomware attacks last year after the media, leisure, and entertainment industry, according to a new report from global leader in cybersecurity, Sophos.

The State of Ransomware in Retail 2022 found that globally, 77% of retail organisations surveyed hit – a 75% increase from 2020, also 11% more than the cross-sector average attack rate of 66%. More than nine in 10 (92%) retail organisations hit by ransomware said the attack impacted their ability to operate and 89% said the attack caused their organisation to lose business/revenue.

“Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if,” Sophos principal research scientist, Chester Wisniewski said.

“In Sophos’ experience, the organisations that are successfully defending against these attacks are not just using layered defenses, they are augmenting security with humans trained to monitor for breaches and actively hunting down threats that bypass the perimeter before they can detonate into even bigger problems.

“This year’s survey shows that only 28% of retail organisations targeted were able to stop their data from being encrypted, suggesting that a large portion of the industry needs to improve their security posture with the right tools and appropriately trained security experts to help manage their efforts.”

As the percentage of retail organisations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226,044, a 53% increase when compared to 2020 ($147,811). However, this was less than one-third the cross-sector average ($812,000).

In the light of the survey findings, Sophos experts recommend the following best practices:

  • Install and maintain high-quality defences across all points in the environment. Review security controls regularly and make sure they continue to meet the organisation’s needs.
  • Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team.
  • Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose.
  • Prepare for the worst, and have an updated plan in place of a worst-case incident scenario.
  • Make backups, and practice restoring them to ensure minimal disruption and recovery time.