US online holiday sales grew by 30% in 2020, and Forrester forecasts that it will grow another 10% year over year in 2021. This growth raises the stakes for retail professionals to support the increased demand, which ultimately makes them a prime target for ransomware attackers.

Why Should Retailers Pay Attention To Ransomware Preparedness?

Ransomware attackers target organizations that need as close to 100% uptime as possible, since those businesses will feel the effects of a ransomware attack more viscerally and are more likely to pay a ransom quickly to get back up and running as soon as possible. Retailers and their providers fall right into this bucket: They rely on continuously running production, they must serve consumers constantly, and they often utilize just-in-time manufacturing. Furthermore, they often have several third-party dependencies they can’t disappoint and complex supply chains to manage. Every aspect of the retail supply chain is a potential target of attack.

Since the holiday season guarantees retailers an increase in traffic and more emotionally charged purchases, the incentive for ransomware groups to attack them is exacerbated now more than ever. Below, we provide a primer on ransomware attacks and how they can affect retailers.

What Is Ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It’s been used in very public attacks, like the one on Colonial Pipeline earlier this year, and attacks on hospital systems.

This type of attack has become more common in part because of the emergence of ransomware-as-a-service (RaaS). RaaS is where attackers sell access to ransomware software as though they were operating a business, fully outfitted with salespeople, developers, managers, and marketers. They operate as a typical startup and sell access to their “product” on the dark web to cybercriminals who do not want to develop their own ransomware but still want to use it and get the payout.

How Does Ransomware Affect Retailers?

Ransomware attacks affect every aspect of the retail supply chain, especially in these five areas: suppliers, logistics, operations, products, and websites. Below are descriptions of how ransomware can affect each of these and real-world examples.


  • When ransomware attackers target suppliers, it often results in machines in factories being disabled or employees being locked out of critical supply systems. Once most suppliers discover a ransomware attack, the de facto response to contain the attack is to shut down facility operations indefinitely. This results in production bottlenecks, and customers scramble to use their alternative supplier. This kind of attack struck JBS Foods this year, shutting down its slaughterhouse for an entire day. To add insult to injury, JBS had to shell out $11 million in Bitcoin ransom to get its systems back. To gauge the resilience of your suppliers in a crisis, we recommend using The Forrester Supplier Resilience Assessment Tool.


  • Logistics firms are targeted by ransomware groups because of their just-in-time business models and the complex interconnectedness of their IT systems. Ransomware attacks on these targets quickly infect computer systems throughout the network to encrypt as many devices as possible and render the firm inoperable. This happened over the past few years with CMA CGM, FedEx, and Maersk, which all halted operations and suffered millions in revenue loss.


  • When ransomware infiltrates a brick-and-mortar store, it tries to infect point-of-sale systems, employee tools, store printers — whatever it can get its hands on. These attacks can prevent customer transactions or even force stores to close. More detrimental for the brand is the risk that your customers will witness an attack unravel your operations in real time. For example, Cencosud was made aware of a ransomware attack hitting their systems when POS printers spewed out ransomware notes in its stores.


  • Digital products such as e-readers, tablets, video gaming systems, and others are also susceptible to ransomware attacks. When hit, these devices may appear inoperable while the attacker steals company and customer data. This situation can be very detrimental for customers and organizations. When devices mysteriously stop working, customers often take to social media to air their grievances. This inevitably affects the external image of the brand and public perception of your product’s efficacy. When Barnes & Noble’s NOOK e-reader was attacked with ransomware, customers lost access to their libraries, purchases, and accounts — and complained on Facebook and Twitter as a result.


  • Ransomware attackers often look to target public assets — especially ones retailers rely on, like e-commerce websites. If your website shuts down from a ransomware attack, customers lose access to you, which may confuse or frustrate them and leave them concerned about the safety of their data. Last year, X-Cart’s e-commerce hosting site was corrupted, locking out store owners from their own websites and preventing customers from accessing them for days.

How Can You Protect Against Ransomware Attacks This Holiday Season?

Protecting against ransomware attacks is something every single employee can participate in. Both now during the holiday season and as you plan for your 2022 operations, the top three things we recommend that retailers engage every employee on to promote ransomware defense are to:

  1. Keep your team informed about the implications of a ransomware attack, especially around high-traffic times like the holidays. Make sure they know what ransomware is and are on the lookout for any signs of a potential ransomware attack.
  2. Get your employees to gamify finding phishing attacks and reporting them to your security team. Phishing attacks are one of the main ways cybercriminals start their attacks, so the more awareness you can spread about this attack vector, the better.
  3. Work with the security team to simulate what you would do in the event of a ransomware attack. Having a plan in place for how to respond when a ransomware attack happens is critical to having a quick and complete recovery.

And be sure to share this blog with your security team to help them protect your enterprise against ransomware attacks.

For more on ransomware in the retail sector, watch our webinar, Retail Lens: Everything You Need To Know About Ransomware. If you’re a Forrester client, please schedule an inquiry with us.

(written with Melissa Bongarzone, senior research associate at Forrester)