Ransomware attacks are on the rise, with the breach of US IT firm Kaseya last weekend just the latest, biggest attack to make the headlines. Before that, there was meat processor JBS Foods and fuel supplier Colonial Pipeline.

And tech and security experts believe there’s more to come, with the shift to remote working and online shopping and rise of ransomware insurance, which guarantees hackers a payout, creating something of a buffet line for cyber criminals. 

“As we navigated through the challenges of Covid-19, ransomware attacks thrived, creating a lucrative year for cyber criminals and a disruptive year for organisations,” Gergana Winzer, industry director of cybersecurity at Unisys, told Inside Retail.

Globally, the average weekly number of ransomware attacks has increased 71 per cent over the past 12 months, according to Check Point Research. In Australia, Winzer estimates that ransomware attacks have cost organisations $248 million so far this year. 

The hackers who continue to hold Kaseya’s data ransom — the company is still working on a patch that will enable its software to come back online — are demanding US$70 million in Bitcoin to release it. Colonial Pipeline reportedly paid US$4.4 million to regain control over its systems.

But it’s not just the cash demands that hurt businesses affected by ransomware attacks, Winzer said.

“It contributes to the toll already placed on economies and industries who have suffered for the past 18 months.”

Why we’re seeing more ransomware attacks

“Over the years the increase of cyber attacks across all sectors globally has been consistent with no sign of it decreasing,” Jacqueline Jayne, security awareness advocate at KnowBe4, told Inside Retail.

But the mass shift to remote working during Covid-19 has accelerated the pace of attacks, according to Winzer. 

“The surge in cyber attacks is due to scammers aiming to capitalise on the shift to remote working,” she said.

“They have developed a series of new strategies to infiltrate systems to take advantage of employees who are caught off-guard in a non-office environment.”

Another factor may be ransomware insurance, which increases the likelihood that an organisation will meet hackers’ demands. 

“As long as the organisation has completed the checklist for the policy (was compliant when they took out the policy) then they are protected,” Roger Smith, director of client security at Care Managed IT, told Inside Retail. 

“The criminals know this, which means they will get what they ask for because the insurance company will pay.”

‘Happens fast’

Ransomware attacks aren’t just becoming more frequent, they’re also becoming more disruptive, as hackers shift their focus to the supply chain, rather than individual businesses. 

The Kaseya attack is a good example of this technique, according to Stephen Swavley, director of IT provider Navigatum. Not only is Kaseya’s software used by other companies, it’s also used by managed service providers that have their own clients. An estimated 1,500 businesses have been impacted by the attack, which has been called the biggest on record.

“Rather than going after each individual company, they hit the IT company. From there they used the IT company’s tools to encrypt all [their] clients,” Swavley said.

“This is hard to protect against.  And happens very fast.  Once they are in the IT company they can very rapidly attack their clients (minutes).”

The difference between this form of ransomware and earlier forms “is the difference between an attack and an onslaught”, according to Winzer, the cybersecurity expert at Unisys.

Attacks are also becoming more sophisticated, and therefore harder to stop. 

“In these attacks a human is driving the action instead of malware which means they can drive the attack to target and obtain the most valuable assets of the victim organisation,” Winzer said. 

“Spear phishing campaigns are also getting more sophisticated: with domain spoofing techniques, cybercriminals send spear-phishing emails from addresses that look exactly like authorised senders. This can only mean one thing: more attacks that successfully breach the perimeter.

“Ransomware looks more formidable than ever.”

‘Retailers are a key target’

All sectors are vulnerable to ransomware attacks, but retailers may be particularly at risk, because of the consumer-facing nature of their business, according to Michael McKinnon, chief information officer of Pure Security and Tesserent. 

“Retailers are a key target for ransomware attacks because of the obvious disruption an attack can cause across the business, immediately halting sales and foot traffic. This puts retailers under almost immediate pressure to pay ransoms in order to get the business operational again,” McKinnon told Inside Retail.

The fact that retailers use a blend of technologies across their corporate, store and e-commerce networks also means there are more potential vulnerabilities for hackers to exploit. 

“These systems are sometimes built on ageing technologies, with some platforms operating on obsolete operating systems like Windows 7, which is extremely high risk and no longer supported with security updates,” McKinnon said.

According to Check Point Research, cyber attacks in the retail sector are up 30 per cent month on month this year, jumping from 185 attacks per week to 241.

“The impact that ransomware can have on a retail business makes it a top one or two IT priority,” McKinnon said.

“Although the likelihood of a successful attack is low, if one does succeed the impact is extreme and can cause the complete collapse of a retail business or, at a minimum, very serious disruption and impact on the brand and reputation.”