Three-Quarters of Retail Ransomware Attacks End in Encryption
The share of global retailers hit by a serious ransomware breach over the past 12 months fell nearly 10 percentage points year-on-year (YoY), but just 26% were able to disrupt an attack before data was encrypted, according to Sophos.
The security vendor polled 355 IT and cybersecurity leaders in retail organizations with between 100 and 5000 employees to produce its report, The State of Ransomware in Retail 2023.
Although the percentage of breached retailers dropped from 77% last year to 69% in this year’s report, the share of respondents able to prevent encryption also fell, from 34% in 2021 and 28% in 2022 to 26% this year.
The impact on affected businesses is clear: the share of retailers able to recover from an attack in less than a day decreased from 15% in 2022 to 9% this year, while the percentage that took more than a month to recover increased from 17% to 21% over the same period.
Chester Wisniewski, director, global field CTO, Sophos, argued that retailers are losing the battle against ransomware.
“Ransomware criminals have been encrypting increasingly greater percentages of their retail victims in the last three years, as evidenced by the steadily declining rate of retailers stopping cyber-criminal attacks in progress,” he added.
“Retailers must up their defensive game by setting up security that detects and responds to intrusions earlier in the attack chain.”
The report also had some compelling evidence that organizations should follow the advice of governments and security agencies and never pay their extorters.
It revealed that victim retailers that did pay up ended up with median recovery costs four times that of firms which used backups to recover their data ($3m versus $750,000).