Retail industry the second most targeted industry by ransomware, Sophos survey finds

Sophos, the world leader in next-generation cybersecurity, has released a new industry survey report, The State of Ransomware in Retail 2022, which found that retail had the second highest rate of ransomware attacks last year of all sectors surveyed, after the media, leisure and entertainment industry.

Globally, 77% of retail organizations surveyed were affected, an increase of 75% since 2020. This is also 11 percentage points higher than the cross-industry average attack rate of 66%.

Chester Wisniewski, Principal Research Scientist at Sophos, said: “Retailers continue to experience one of the highest rates of ransomware attacks of any industry. With more than three in four experiencing an attack in 2021, it certainly brings a ransomware incident into the category of when, not if.


“In Sophos’ experience, organizations that successfully defend against these attacks don’t just use layered defenses, they augment security with humans trained to monitor breaches and actively hunt for perimeter-evading threats before they can detonate.

“This year’s survey shows that only 28% of targeted retail organizations were able to prevent their data from being encrypted, suggesting that a large part of the industry needs to improve its security posture with the right tools and trained security experts in place to help manage their efforts.”

As the percentage of retail organizations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226,044, an increase of 53% compared to 2020 ($147,811). However, this was less than a third of the cross-sector average (US$812K).

“Different groups of threats are likely affecting different industries. Some of the low-skilled ransomware groups ask for between US$50,000 and US$200,000 in ransom payments, while larger and more sophisticated attackers with higher visibility demand US$1 million or more,” said Wisniewski. “With Initial Access Brokers (IAB) and Ransomware-as-a-Service (RaaS), it is unfortunately easy for lower-level cybercriminals to buy network access and a ransomware kit to launch an attack without much effort. Individual retail stores and small chains are more likely to be targeted by these smaller opportunistic attackers.”

Additional findings include:

  • While retail was the second most targeted industry, the perceived increase in the volume and complexity of cyberattacks against the industry was slightly below the cross-industry average (55% and 55%, respectively).
  • 92% of retail organizations affected by ransomware said the attack affected their ability to operate and 89% said the attack caused their organization to lose business/revenue.
  • In 2021, the total cost to retail organizations to remediate a ransomware attack was $1.27 million, down from $1.97 million in 2020.
  • Compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organizations that recovered all of their data (from 9% to 5%).

In light of the survey results, Sophos experts recommend the following best practices for all organizations across all industries:

  • Install and maintain high-quality defenses at all points in the environment. Review your security controls regularly and make sure they continue to meet your organization’s needs.
  • Proactively hunt for threats to identify and stop adversaries before they can execute attacks; if the team doesn’t have the time or skills to do it in-house, outsource to a Managed Detection and Response (MDR) team.
  • Harden the IT environment by finding and closing key security gaps: unpatched devices, unprotected machines, and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose.
  • Prepare for the worst and have an up-to-date plan in place for the worst possible scenario.
  • Make backups and practice restoring from them, so that disruption and recovery time are kept to a minimum.

To learn more about the state of ransomware in Retail 2022, download the full report from

The State of Ransomware in Retail 2022 report is based on a survey of 5,600 IT professionals at midsize organizations in 31 countries, including 422 respondents from the retail sector.
