Retail Sector Ransomware Attacks Grow by 67% in 2022

When it came to ransomware in 2022, data from our 2022 State of Ransomware report showed that the retail sector ransomware attacks experienced a massive 67% increase over 2021. Shocking figures indeed, but it’s worth noting that the increase over 2020 was a whopping 233%. Many big name brands fell victim to ransomware last year, was it low hanging fruit for attackers or a lucrative target?

When it came to the variants behind the incidents, Hive claimed 3 of the publicized attacks while 11 of the recorded attacks had no claim of responsibility against them, despite the large-scale organizations being attacked. Snatch made headlines by adding McDonalds and UK based Daylesford Organics to their victims list. While their attack on McDonalds saw 500GB of data stolen and a “shields up” alert issued by CISA to all US organizations. The Daylesford incident exposed data of a number of high profile UK celebrities.

Europe was the most targeted region with 30% of all publicly disclosed retail attacks, closely followed by the UK and US.  Other large retailers included Canadian food retail giant Sobeys, Moroccan and Kuwait branches of IKEA and Spinneys a chain of supermarkets in Dubai.

Ransom demands were extremely varied, with a large difference noted between various attacks. Esquimal in Mexico received a demand of €3000 for 77,000 pieces of customer information while at the other end of the scale, Walmartwas given a ransom of $55million and UK car dealer Pendragon was hit with a record breaking £60million ransom demand.

Retailers are often seen as high value targets because downtime is so detrimental to their business and they have a wealth of customer data worth exfiltrating. When it came to disruption, this was  certainly felt by French retailer Intersport who were unable to complete instore sales on Black Friday as a result of a cyberattack by the Hive group. Online retailers are hit even harder by attacks as threat actors can stop their sales entirely. An example of this last year was Funky Pigeon, a UK online gift card retailer who was forced to shut down systems and temporarily suspend operations following an attack in April.

The competitive nature of this sector also creates problems for retailers. According to a report by Arcserve, 59% of customers would likely avoid doing business with an organization who had experienced a cyberattack in the past year.

While the retail sector as a whole does seem to be implementing more tools to protect themselves against cyberattacks, many are still being targeted due to their lack of protection. Threat actors who attacked both Esquimal, a Mexican clothing retailer, and French furniture retailer Conformara, commented on the low level of security and data protection at both organizations. With catastrophic consequences resulting from these attacks, it is surprising that many large organizations, not just in retail, are failing to prioritize cybersecurity.

According to Sophos, cyber insurance is also causing issues for the retail sector with 41% of retailers saying that fewer insurance providers are offering cover at affordable prices. This makes it more difficult for retailers, especially smaller ones, to get insurance to help combat the rising number of attacks and the size of ransom demands.

With the number of attacks rising substantially in this sector over the last two years, will this trend continue in 2023? Allocating investment to bolster their basic cybersecurity defenses and adopt third generation cybersecurity solutions is essential for retailers to protect their customer data and avoid being 2023 ransomware news.