It’s a restaurant owner’s worst nightmare. You have stores full of customers and no way to get their money back because the POS system has been hacked with ransomware. This is how restaurant and hospitality chain McMenamins ended 2021, a record year for ransomware attacks. The bad news is that, by most forecasts, 2022 will be worse as gangs get organized and focus on SMBs.
McMenamins confirmed the attack, noting that the ransomware was blocking company systems and potentially exposing sensitive employee data. Although customer data was not exposed, business operations, including corporate messaging and point-of-sale systems, were affected.
What is ransomware?
Ransomware is a type of malware that encrypts data, preventing you from accessing it until you unlock it with an encryption key. Today’s ransomware attacks have three stages. First, the attacker – often a Russian-based malware gang – enters your network by exploiting a vulnerability. This vulnerability could be an unprotected remote access port, unpatched software somewhere in your systems, or a door opened by an unwitting employee clicking on a malicious link in a phishing email.
Then the attacker scans your network and installs the ransomware malware on servers, POS systems, or PCs, while stealing sensitive data such as employee records with social security numbers.
Finally, the cybercriminal activates the malware, which spreads throughout your connected systems, encrypting data and flashing ransom notes on the screens of affected systems. The ransom is “double” – pay to get an encryption key so you can recover your data and pay to stop the attacker from selling your stolen data on the dark web.
Steps you can take to protect yourself against ransomware
Unfortunately, neither firewalls nor anti-virus software can fully protect a store or corporate office’s operations from ransomware, and there is no perfect silver bullet that will protect you 100%. Anyone with access to email is a source of ransomware risk through phishing attacks.
However, there are steps you can take to reduce the risk of a ransomware attack. At headquarters and in stores, your first line of defense should be a robust backup process. The more frequently you back up your data, the less exposed you are. Backups should take place at least daily, and backup data should be stored somewhere off your network, so it cannot be compromised during an attack.
Here are other ways to add security to your operations to protect against ransomware:
- Train employees who access emails not to open suspicious emails, not to click on links in those emails or open attachments, and to test them frequently. This is the primary way ransomware enters a device on your network. From there, it will spread laterally to infect other devices.
- Embrace zero-trust network access and multi-factor authentication.
- Prioritize important vulnerabilities and patch operating system and application software frequently.
- Consider endpoint protection solutions that not only detect and act against suspicious behavior, but can actually prevent malware from running.
- Isolate guest Wi-Fi from your main network. This will protect against accidental installation of ransomware malware by drive-thru infection (by accessing a website that uses that connection to infect your network).
- Segment your restaurant’s networks further to isolate point-of-sale systems, back-office PCs, and file servers, helping to prevent the spread of malware in the event of an attack.
- Lock down your mobile POS devices so they can only access the apps your restaurant needs.
- Gain visibility into all traffic leaving the network. This may reveal the presence of other malware or malicious activity. For example, constant traffic to a country you have no known reason to communicate with could indicate that malware is exfiltrating data to another computer.
In the restaurant industry, you are more exposed to the risk of a ransomware attack than the data and the cost of mitigation. There’s also the loss of revenue when your systems are offline, which can take days or even months in the case of ransomware attacks. This loss of business can lead to reduced brand loyalty and customer trust.
With ransomware gangs reorganizing to target small and medium businesses, including restaurants, constant vigilance and advanced tools are the order of the day. Small to medium-sized restaurant brands may consider working with a Managed Security Service Provider (MSSP) for cybersecurity expertise and 24/7 monitoring of your store and business networks.