Retailers Often Pay Ransomware Demands When It’s Better to Bolster Defenses

Ransomware may pose a threat across sectors, but the retail industry should be particularly wary.

“Retailers are increasingly targeted by ransomware, which has the effect of stopping retail operations — and revenue generation — in its tracks,” SonicWall malware expert Brook Chelmo writes in a blog post.

What’s more, the long-term impact on customer perception and brand reputation can devastate a business long after the attack ends: A Carbon Black survey found that 70 percent of consumers said they would consider leaving a retailer if it were hit with ransomware.

Though that report focused on the 2017 WannaCry outbreak that targeted more than 300,000 global victims, hackers have developed several types of ransomware. Popular variants include traditional lock screen ransomware, master boot record infections and pure encryption.

Any attack against vulnerable point-of-sale (POS) technology represents a nightmare scenario for retailers. Locked out of the system, store associates would be completely unable to run transactions.

Why Retailers Shouldn't Pay the Ransom

The threat of lost sales may be why so many retailers give in to hackers’ demands: According to a 2018 survey from security technology company Radware, about 66 percent of retailers and wholesalers have paid the ransom after a cyberextortion attack.

But security experts advise against putting up the money, which averages $1.6 million per ransomware incident, Radware found. That’s because each successful payoff encourages further attacks — and still doesn’t guarantee file or system recovery. According to the CyberEdge Group’s “2018 Cyberthreat Defense Report,” only 49.4 percent of hacking victims who pay the ransom actually get their data back.

Defending Against Ransomware

In light of the low recovery rate for ransomed files, the best course of action for retailers is to prevent hackers from taking their businesses hostage in the first place.

Defending against attacks requires a multilayered security strategy that incorporates people, processes and technology. Used in conjunction with tools such as anti-virus software and email filters, these five components can help retailers protect — or recover — their data:

Network Segmentation: Isolating POS systems from the rest of the network through network segmentation makes retailers less susceptible to attack. The technology relies on firewalls and virtual LANs to prevent unauthorized traffic from traveling between points on the network. Sadik Al-Abdulla, director of security solutions with CDW, calls segmentation a “fundamental necessity” to network security.

Encryption: Retailers surveyed in the “2018 Thales Data Threat Report” identify encryption as the most effective toolset for protecting data at rest, in motion or in use. The report found that 67 percent of retailers plan to implement database and file encryption in the coming year, motivated in part by the European Union’s new, stricter General Data Protection Regulation (GDPR) and the technology’s ability to strengthen access control in both traditional data centers and the cloud.

User Training: Staff awareness of common ransomware pitfalls can make or break a business’s security strategy. Ransomware often gains access to systems when users click on links or attachments infected with malware. That means associates in both the front and back of the store need to stay on high alert for suspicious content.

Third-Party Support: Outsourcing security responsibilities to a trusted services provider gives retailers access to the latest and greatest data protection technologies. The National Institute of Standards and Technology’s small-business information security guide recommends partnering with a provider that holds recognized professional certifications and has experience working with similar clients — other retailers, in this case.

Data Backups: Though performing frequent backups isn’t actually a prevention technique, it is a vital strategy for recovering from a ransomware attack. The U.S. Computer Emergency Readiness Team recommends storing backups offline, on a separate device, and verifying backups regularly. “If ransomware affects your system, you can restore your system to its previous state with any files unaffected by ransomware,” CERT notes.

>> Download CDW's Cybersecurity Insight Report to learn more about how organizations are managing risk in more effective ways.