The Ransomware Threat to Retail Is Still Real

Despite earlier reports suggesting that ransomware payments were on the decline, the momentum of cyber attacks appears to be alive and well. Just ask men’s wear brand Boggi Milano.

A hacker group dubbed Ragnarok boasted that it stole roughly 40 gigabytes of corporate data from Boggi Milano servers. Similar to the ransomware attack on Kmart last year, the information at stake related to human resource content, not e-commerce or shopper data.

More from WWD

• Fall 2021 Trend: Black and White

The Italian luxury brand didn’t immediately respond to a WWD request for comment, but has acknowledged the cyber hack publicly and indicated that an investigation is underway.

Ransomware attacks are a digital version of an old scheme, with a bad actor taking something and then demanding ransom for it. The tech version typically involves hackers using malicious software to take control of a network, server or other systems and freezing the organization out, or stealing company data.

There was reason to hope there would be less motivation for the cyber extortion. The Federal Bureau of Investigations said that at least $144.35 million in Bitcoin — the preferred currency in ransomware situations — have been paid between 2013 to 2019 in ransom. But according to data from ransomware incident-response platform Coveware, pay-offs were on a downward slide last year.

Fewer companies are willing to pay, since they have less trust that the stolen data would be deleted and “exfiltrated data is made public despite the victim paying,” the firm said in a February report. Across the incidents tracked by Coveware, average ransom payments fell 34 percent last year and median ransom payments dropped 55 percent.

The concept of starving thieves of profitability may seem sound, but it’s not yet clear how much of a deterrent it has been.

Coveware discovered that the percentage of ransomware attacks involving a threat to release stolen data grew from 50 percent to 70 percent from the third quarter to the fourth. Another anti-fraud outfit estimated that the number of ransomware attacks it tracked grew more than 150 percent across 2020. In retail, the string of victims last year included In Sport of New South Wales, Luxottica in Italy, American toy company Mattel, Chilean-based multinational retail giant Cencosud, South Korean fashion and retail company E-Land and, of course, Kmart in the U.S.

In the latter case, a December attack targeting the struggling American chain left several of its network servers encrypted and took its human resources site offline.

The trend continues in 2021 and the stakes appear to be growing. Prior to the latest incident at Boggi Milano, Dairy Farm, a Hong Kong-based retail giant for groceries, health and beauty and home furnishings, was hit by REvil ransomware group in January. The hackers zeroed in on its network and encrypted devices, then demanded $30 million.

Cyber crime is always troubling and potentially very damaging. But for brands and retailers, such recent acts only add to the extraordinary pressures wrought by the coronavirus, which also fueled an increase of other illicit activity like fraud. According to fraud-prevention firm Sift, the average value of fraudulent purchase attempts jumped 69 percent last year.

Lockdowns have driven so much of the world to the web, and apparently online thieves have found irresistible opportunity in that. According to FBI figures, cyber crime in 2020 has cost more than $4 billion in losses.

For ransomware attacks, a report by London-based defense think tank The Royal United Services Institute and cybersecurity company BAE Systems described that combination of pandemic factors, along with malicious software that’s now easier to use and distribute, as a “perfect storm” paving the way for more incidents.

“Ransomware gangs have not taken a break during this pandemic, and [Boggi Milano] is another example of the fact that any industry is a target,” said Erich Kron, security awareness advocate at cybersecurity company KnowBe4.

The risk to global organizations may be particularly deep, given their extensive operations. For instance, Boggi Milano runs roughly 200 shops in 38 countries. But that also means culprits could face steeper penalties, with liability across multiple regions, Kron noted.

As for what companies can do to mitigate the risks, the security expert recommended having a data loss prevention system in place, along with a few commonsense measures.

Since ransomware is primarily spread through unsecured remote access points and email phishing, companies should focus on those areas. “[And] wherever possible, organizations should employ multi-factor authentication to secure email and login accounts, closely monitor any remote access portals and train users to spot and report email phishing attacks,” he urged.

People tend to be the biggest security vulnerabilities that companies face. While mitigating risky human behavior may seem rather low-tech, it’s one of the most crucial ways to address this high-tech risk.

Sign up for WWD's Newsletter. For the latest news, follow us on Twitter, Facebook, and Instagram.