Three-Quarters of Retail Ransomware Attacks End in Encryption

The share of global retailers hit by a serious ransomware breach over the past 12 months fell nearly 10 percentage points year-on-year (YoY), but just 26% were able to disrupt an attack before data was encrypted, according to Sophos.

The security vendor polled 355 IT and cybersecurity leaders in retail organizations with between 100 and 5000 employees to produce its report, The State of Ransomware in Retail 2023.

Although the percentage of breached retailers dropped from 77% last year to 69% in this year’s report, the share of respondents able to prevent encryption dropped from 34% in 2021 and 28% in 2022.

The impact on affected businesses is clear: the share of retailers able to recover from an attack in less than a day decreased from 15% in 2022 to 9% this year, while the percentage that took more than a month to recover increased from 17% to 21% over the same period.

Read more on retail cyber-threats: Holiday Shopping Disruption Beckons as Retail Bot Attacks Surge 13%

Chester Wisniewski, director, global field CTO, Sophos, argued that retailers are losing the battle against ransomware.

“Ransomware criminals have been encrypting increasingly greater percentages of their retail victims in the last three years, as evidenced by the steadily declining rate of retailers stopping cyber-criminal attacks in progress,” he added.

“Retailers must up their defensive game by setting up security that detects and responds to intrusions earlier in the attack chain.”

The report also had some compelling evidence that organizations should follow the advice of governments and security agencies and never pay their extorters.

It revealed that victim retailers that did pay up ended up with median recovery costs four times that of firms which used backups to recover their data ($3m versus $750,000).