Close Menu
  • Home
  • Feature
  • News
  • Opinion
  • Photo Stories/Events
  • Report
Facebook X (Twitter) Instagram
  • About TheNumbersNG
  • Contact Us
Facebook Instagram
TheNumbersNGTheNumbersNG
  • Home
  • Feature
  • News
  • Opinion
  • Photo Stories/Events
  • Report
TheNumbersNGTheNumbersNG
Home»News»77% of Retail Organisations Hit With Ransomware In 2021 – Sophos Survey
News

77% of Retail Organisations Hit With Ransomware In 2021 – Sophos Survey

Elvis EromoseleBy Elvis EromoseleSeptember 11, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter LinkedIn Pinterest Email
Organisations in the retail industry experience 77 per cent hits by Ramsomeware, making the industry the second most targeted industry by ransomware in 2021, a survey by Sophos, next-generation cybersecurity has found.
The survey finds that this is a 75percent increase from 2020, topping the media, leisure and entertainment industry.
“Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when not if. In Sophos’ experience, the organizations that are successfully defending against these attacks are not just using layered defences, they are augmenting security with humans trained to monitor for breaches and actively hunting down threats that bypass the perimeter before they can detonate into even bigger problems. This year’s survey shows that only 28% of retail organizations targeted were able to stop their data from being encrypted, suggesting that a large portion of the industry needs to improve their security posture with the right tools and appropriately trained security experts to help manage their efforts,” said Chester Wisniewski, principal research scientist, Sophos.
As the percentage of retail organizations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226,044, a 53percent increase when compared to 2020 ($147,811). However, this was less than one-third of the cross-sector average ($812K).
“It’s likely that different threat groups are hitting different industries. Some of the low-skill ransomware groups ask for $50,000 to $200,000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more,” said Wisniewski. “With Initial Access Brokers (IABs) and Ransomware-as-a-Service (RaaS), it’s unfortunately easy for bottom-rung cybercriminals to buy network access and a ransomware kit to launch an attack without much effort. Individual retail stores and small chains are more likely to be targeted by these smaller opportunistic attackers,” added Wisniewski.
While the retail sector was the second most targeted industry, the perceived increase in the volume and complexity of cyberattacks against the industry were slightly below the cross-sector average (55% and 55% respectively)
the report indicated that 92 per cent of retail organizations hit by ransomware said the attack impacted their ability to operate and 89 per cent said the attack caused their organisation to lose business/revenue
In 2021, the overall cost to retail organizations to remediate a ransomware attack was $1.27M, down from $1.97M in 2020
When compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organizations that got all their data back (from 9% to 5%)
Meanwhile, Sophos experts have recommended the following best practices for all organizations across all sectors:
Install and maintain high-quality defences across all points in the environment. Review security controls regularly and makes sure they continue to meet the organization’s needs
Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response(MDR) team
Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response(XDR) solutions are ideal for this purpose
Prepare for the worst, and have an updated plan in place of a worst-case incident scenario
Make backups, and practice restoring them to ensure minimal disruption and recovery time
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Elvis Eromosele

Related Posts

Misuse of Cybercrime Law Risk to Freedom of Speech – Envoys

June 13, 2025

Obi Slams N39 Billion for ICC Renovations as Misplacement of Priorities

June 11, 2025

Stakeholders, Analysts Praise Nigerian Breweries Q1 Report, Point to a Future of Greater Performance

June 11, 2025
Add A Comment
Leave A Reply Cancel Reply

You must be logged in to post a comment.

TheNumbersNG
  • About TheNumbersNG
  • Contact Us
© 2025 TheNumbersNG.

Type above and press Enter to search. Press Esc to cancel.