Ransomware is a computer malware that gets into a device (e.g. computer, tablet, EPOS system) and “kidnaps” the data stored on the device. The victim is then asked for a sum of money to restore the data and their access to it. Attempts to bypass or counter the malware risks the deletion of your data and access to files.
Although ransomware attacks can happen to any business, retailers are particularly exposed, as an attack can prevent trade and thereby cause loss of revenue. It’s also worth noting that ransomware attacks are on the rise globally.
Losses of €350 million and 150,000 Jobs
The most recent figures on cybercrime make for uncomfortable reading. The cost of cybercrime is estimated at approximately €350 million annually and has lead to the loss of approximately 150,000 jobs to date in Europe alone. The digital footprint for these attacks is relatively low, meaning multiple amounts in small transactions can be profitable for a cyber criminal.
Cybercrime does not just target large multinationals. Actually, these are most likely avoided as an attack is expected and almost always protected by sophisticated software. Instead, these criminals will look to smaller enterprises and steal only small amounts from each. If that same approach is taken across large multiples of smaller companies, it all adds up to quite a lot of money, very quickly. We need to realise that we are all potential victims, as cybercriminals are interested in making money from anyone, regardless of the size.
There are various ways ransomware can spread to a device. The most frequent methods of installing ransomware on a system is through an email attachment, infected program or an innocent looking page on a compromised website. Ransomware programmes are also called cryptoworms, cryptotojans or a cryptovirus.
Cybercrime is growing in Ireland and there are many examples but most notably, the breach that affected Loyaltybuild in 2013. Their pre-tax profits for the year following dropped by 69% and the Data Commissioner hit them with a prohibition order, preventing them from trading in Ireland for a time. It’s high time to consider whether your business is protected from such attacks.
Retail Business Held to Ransom at Christmas
In the last year, TRC Solutions has helped two different retailers deal with the impact of a ransomware attack. During the 2016 festive period, the most critical trading period of the year for retailers, one of our retail clients was targeted with an attack that encrypted the data on their enterprise server at head office, eliminating the use of gift vouchers and credit notes during the busy Christmas shopping time. This had a huge effect on the retailer’s ability to maximise festive revenues and caused a lot of stress for staff, customers and the management team..
Unfortunately, the retailers backup policy was not being implemented and once we had confirmed it was a ransomware, their local IT support partner was left with no alternative but to pay the ransom so that the data would be restored to their server in order for trading to continue. Brand damage and the loss of both time and money was considerable.
This retailer has learned a valuable lesson from the experience and have worked with their IT support partner and TRC Solutions to ensure proper backup procedures and adequate security measure are in place to prevent this from happening again in the future.
Another retailer experienced a similar ransomware attack on their EPOS system, but due to having a best practice backup policy was affected much less and we were able to resolve the issue very quickly in this instance.
This ransomware attack on this client was confined to one till losing functionality as TRC Solution was able to work with the IT support team to restore the data to the server from the backup files. Having these backup files available dramatically reduced the down-time and eliminated the necessity of the retailer having to pay the ransom to restore trading.
This retailer has since carried out an audit on their security with their IT partner and TRC Solutions to limit the chances and impact of a future ransomware attack.
Best Practice Safeguards Retailers
More often than not, the ransom is paid and while some attacks can not be avoided, TRC Solutions recommend preparing for the worst case scenario.
Implementing best practices in security and backup policies is old advice yet it’s also still the best advice retailers can follow to mitigate their risk of falling victim to a ransomware attack. The only real defence any enterprise can really bank on is preparedness. Your IT support partner should be well placed to carry out an audit of your existing security and backups and to address any shortfalls that exist. All anti-virus software should be up to date and staff education is vital, because it is often human error that allow these malware attacks to take hold.
Actions to Discuss with your IT Partner
In addition to antivirus software, you also need to run a backup programme at least once a day. Furthermore, this programme needs to be able to do versioning – a term for saving older files. The reason for this is that ransomware can corrupt files on your backup server too and being able to store old versions of your files allows for the data to be saved in a format you can use.
A further step to protecting your data is to keep the external backup drive away from your server as much as possible. Plug it into the system to backup once a day and unplug it as soon as the backup programme has run.
Retailers are putting their own interests first by running regular backups, and we’d encourage every enterprise owner to keep informed about the latest malware trends so you can keep your business safe.
Additionally, these tips will help you de-risk your business from ransomware attacks:
- Make a record of all your online assets and their location. This prevents a ransomware attack on a system that you weren’t focused on
- As part of your software maintenance programme, keep all your software up-to-date
- Be careful with sharing data
- Keep your staff informed about cybersecurity matters. Make sure they know not to open attachments or click on links that come from unrecognisable sources
- Have a crisis plan in place that you can follow if your business is attacked by a virus. This contingency plan will save you time and therefore money
- Decide what your enterprise’s stance is on paying a ransom
- Educate yourself on the risk your devices bring into your business with your suppliers