Ransomware: The second most targeted Industry in 2021

When it comes to ransomware, retail is the second most targeted industry in 2021, said Sophos recently.

According to the company’s The State of Ransomware in Retail 2022 report, 77% of organisations were hit in 2021. The number is a 75% rise from the 44% hit rate in 2020.

The most targeted industry by ransomware in the said period was media, leisure, and entertainment. The cross-sector average attack rate is 66%, the report says.

Survey highlights 

• As the percentage of retail organisations attacked increased, so did the average ransom payment.
• In 2021, the average ransom payment was $226,044, a 53% increase when compared to 2020 ($147,811). However, this was less than one-third the cross-sector average ($812K).
• While the retail sector was the second most targeted industry, the perceived increase in the volume and complexity of cyberattacks against the industry were slightly below the cross-sector average (55% and 55% respectively) 
• 92% of retail organisations hit by ransomware said the attack impacted their ability to operate and 89% said the attack caused their organisation to lose business/revenue
• In 2021, the overall cost to retail organisations to remediate a ransomware attack was $1.27M, down from $1.97M in 2020
• When compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organisations that got all their data back (from 9% to 5%).

Recommended best practices
In the light of the survey findings, Sophos recommends the following best practices for all organisations across all sectors:

• Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and make sure they continue to meet the organisation’s needs
• Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
• Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
• Prepare for the worst, and have an updated plan in place of a worst-case incident scenario
• Make backups, and practice restoring them to ensure minimal disruption and recovery time