Ransomware attacks are a fast-growing problem for retailers

The pandemic has affected retailers in a variety of ways. Some of the effects are obvious:  Amazon was in a position to adapt and scale to the pandemic-driven surge in consumer demand. Thousands of other retailers either closed in 2020 or are expected to close in 2021. Not all of this can be blamed on the pandemic, and these figures do not represent a full picture of the retail sector. Retail industry analysts are also expecting thousands of new stores to open as the popularity of discount and dollar stores continues to grow.

There are other changes as well, such as the increased complexity of the IT environment. Retailers are taking advantage of new integrated systems, industrial control devices, and technologies that enable ‘just-in-time delivery systems. These technologies are driving cloud migrations, and consumers are driving demand for online commerce and non-cash transactions. The retailers that aren’t investing in this digital transformation often rely on legacy technologies after official support has ended.

10 months of ransomware attacks on retailers

Meanwhile cybercriminals are building sophisticated organizations that hunt for large ransoms and lucrative data. The rise of Malware-as-a-Service has made ransomware accessible to anyone willing to share a ransom. All industries are targets, but retailers have become very enticing over the past couple of years. New research reveals ransomware attacks on the retail sector are growing rapidly, with a 183% increase between the first two quarters of 2021. Here are some of the more notable attacks over the past 10 months:

• October 2020 — Barnes & Noble falls victim to Egregor ransomware. The company lost data, and the Nook Digital reader was taken offline.


• November 2020 — Cencosud is attacked by Egregor. Outlets were unable to process the 'Cencosud Card' credit card, customer returns, or in-store pickup of web purchases.


• December 2020 — Kmart is attacked by Egregor. The attack took websites offline and encrypted back-end servers.


• January 2021 — Dairy Farm Group is attacked by the REvil operation. REvil attackers retained access to the network and email system because Dairy Farm Group chose to keep the servers online. The email system was used for spam attacks, and data stolen from the company was later leaked online. A threat actor provided more details of the attack here.


• February 2021 — Guess is attacked by an unnamed ransomware group widely speculated to be DarkSide. Personal and financial data from over 1,300 Guess customers was stolen in the attack.


• March 2021 — Boggi Milano is attacked by Ragnarok. The attackers took about 40 gigabits of HR data before encrypting the files.


• April 2021 — Thrifty White Pharmacy discloses a data breach affecting nearly 4,000 customers due to a ransomware attack on the company’s payment system, CaptureRX.


• May 2021 — German clothes retailer Waschbar is hit with a cyberattack that shut down the email system as well as online and telephone order processing.


• June 2021 — New York Pizza is infected with ransomware and refuses to pay the ransom. New York Pizza is one of the largest pizza chains in the Netherlands, and approximately 3.9 million users were compromised.


• July 2021 — Roughly 400 Coop Sweden supermarkets shut down due to the REvil ransomware attack on IT service provider Kaseya. Coop Sweden is one of up to 1,500 businesses affected by this supply chain attack.

The effects of a ransomware attack rarely have a clear end. The business may be unable to conduct business for an undetermined amount of time, which means the company is losing an unknown dollar amount in sales. Consumer confidence in the brand may be reduced, leading to further loss of sales. The company may be sued or file for bankruptcy months or years later, depending on how the incident impacted the business and its customers. We won’t even get into the impact of stolen data and ransom payments.

The best course of action for any organization is to plan to never pay a ransom. Creating a multi-layer ransomware defense is as easy as 1-2-3.  See how Barracuda can help you protect your business.