Ransomware And Retail: A Tragedy

Contributed by Cher Zavala.

As if the thought of a data breach isn’t terrifying enough, retailers have another significant cybersecurity threat looming over them: Ransomware. As the name suggests, ransomware is a type of malware that takes a device hostage, abducting functions and data and then demanding payment of some form from users. Between 2014 and 2015, the number of ransomware attacks rose an expected 19 percent ― but last year, there were at least 638 million instances of ransomware infections, which was 167 times higher than 2015. Experts are predicting 2017 to be even worse.

Because ransomware can infect nearly any device, many retailers are finding their business systems locked up until they comply with criminals’ demands. Before you find your business devices ransomed, you should learn how to properly prepare for and react to a ransomware attack.

Backup Data Constantly

Ransomware attacks usually occur in one of two ways: Either the program encrypts a device’s data or the program hides data from view. The latter isn’t terribly serious; users can typically erase the ransomware program and recover their information within a few hours. However, the former ― encryption ― typically spells the end for a retailer’s data. Not even top cybersecurity experts can unencrypt data without the correct key, and because there is no guarantee a criminal will return stolen data upon payment, a business is often out of luck after this type of attack ― unless it has data backups.

Backing up your business’s data is a good practice not just because of looming ransomware threats, but ransomware certainly drives the importance of backups home. If you are attacked by ransomware, you can simply return to a recent backup and continue working, business as usual. If you are notoriously negligent about backing up your devices, you should consider investing in dedicated backup software that automatically makes backups of your important data and saves it to an external source.

Use a NAS

Admittedly, full backups can be consuming, and in retail, time is money. If you value the speed of data recovery, you might install network attached storage (NAS), which will get your business up and running faster after an attack. It isn’t difficult to set up and use a NAS, and most systems are flexible to your specific needs; for example, you can make your NAS into a simple repository for your backed up data, or you can use software to schedule regular backups.

Still, because a NAS is on your network, it is susceptible to the same attacks that target your regular devices. To keep it safe, you should have some kind of antivirus software installed on every device ― small retailers can get by with strong consumer ransomware protection software. Additionally, your NAS should operate under a separate user account and be locked to nearly everyone. Then, even if the rest of your network is ransomed, your NAS will probably be safe.

Protect the Cloud

You might like to believe your cloud storage is safely out of reach of cyber criminals, but the truth is most clouds sync files onto your devices, giving ransomware programs easy access. Therefore, you can’t forget to backup and protect your cloud while you are preparing for ransomware warfare. Ideally, you would use a cloud services provider that places an emphasis on security. Additionally, you should try to maintain distance between your cloud storage, only syncing when it is necessary to share and retrieve data. Then, your cloud will truly float happily above any future cyberattacks.

React Intelligently

Sometimes, no matter how well you guard against it, disaster strikes. If you are victim to a ransomware attack, the way you immediately respond to the situation could impact how your retail business survives. As soon as you recognize the attack, you should call the authorities. Often, there is little the police can do to recover your data or locate the attacker, but it is important that they record the event in case the situation escalates or they do find clues that can help you recover.

Next, you should begin trying to recover your data. If you ignored everyone’s advice and refused to make backups of your devices, this will be a long and arduous task. It might be wise to hire a skilled security team because many recovery processes require digging through sensitive areas of your devices. One wrong click and you could be in even worse straits. Security professionals have experience battling ransomware and recovering data, so they are your best chance at returning your devices to their pre-attack states.

Finally, under no circumstances should you cooperate with the hackers. As criminals, they have no incentive to make good on their promises to return your data; in fact, by reneging on their deal, they have a greater chance of exploiting more money or information from you. Even if your data is gone for good, you will likely win nothing by paying the ransom, but you will lose cash and self-esteem in giving up.

Cher is a content coordinator who assists in contributing quality articles on various topics. In her free time she also enjoys hiking, traveling and getting to know the world around her. Cher has built up many strong relationships over the years within the blogging community and loves sharing her useful tips with others.