Over three-quarters (77%) of retail organizations globally were targeted by ransomware in 2021 — a 75% increase from 2020. Retail organizations faced ransomware attacks 11% more often than the cross-sector average of 66%.

The State of Ransomware in Retail 2022, a report from Sophos, found that retail had the second-highest rate of ransomware attacks last year of all sectors surveyed, after the media, leisure and entertainment industry. The survey polled 5,600 information technology (IT) professionals in mid-sized organizations across 31 countries, including 422 respondents from the retail sector.

As the percentage of retail organizations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226,044, a 53% increase when compared to 2020 ($147,811). However, this was less than one-third the cross-sector average ransom payment, which totaled $812,000.

"It’s likely that different threat groups are hitting different industries. Some of the low-skill ransomware groups ask for $50,000 to $200,000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more," said Chester Wisniewski, Principal Research Scientist at Sophos. "With Initial Access Brokers (IABs) and Ransomware as a Service (RaaS), it’s unfortunately easy for bottom-rung cybercriminals to buy network access and a ransomware kit to launch an attack without much effort. Individual retail stores and small chains are more likely to be targeted by these smaller opportunistic attackers."

Nearly all (92%) of retail organizations hit by ransomware said the attack impacted their ability to operate, and 89% said the attack caused their organization to lose business/revenue. Although the overall cost to retail organizations to remediate a ransomware attack was $500,000 lower than in 2020 ($1.27M in 2021 compared to $1.97M in 2020), the amount of data recovered by organizations after paying the ransom also decreased, with only 5% of retailers getting all of their data back post-ransomware attack.
