The retail industry had the second-highest rate of ransomware attacks across all sectors, with an alarming 77 per cent of organisations impacted by attacks.

This is according to The State of Ransomware in Retail 2022, a new report published today by cybersecurity firm Sophos.

The most impacted sector is the media, leisure, and entertainment industry, which covers a large swath of businesses.

As the percentage of retail organisations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226,044, a 53 per cent increase on 2020’s average of $147,811.

Only 28 per cent of retail organisations targeted were able to stop their data from being encrypted, according to the findings.

“It’s likely that different threat groups are hitting different industries,” said Chester Wisniewski, principal research scientist at Sophos.

“Some of the low-skill ransomware groups ask for $50,000 to $200,000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more.

“With Initial Access Brokers (IABs) and Ransomware-as-a-Service (RaaS), it’s unfortunately easy for bottom-rung cybercriminals to buy network access and a ransomware kit to launch an attack without much effort.

“Individual retail stores and small chains are more likely to be targeted by these smaller opportunistic attackers.”