How Big a Risk is Ransomware to POS Systems?
by Paul Hudson – Business Development Manager,
The massive WannaCry cyber attack in May 2017 made headlines the world over and brought the threat posed by ransomware to widespread public attention.
The so-called ‘crypto-worm’, which caused huge disruption to the IT systems of major banks, transport authorities, telephone carriers and car manufacturers the world over, as well as the NHS, served as a timely reminder of the threat posed by malware and cyber crime in the modern digital world.
But how much of a threat to POS systems is ransomware, and what can retailers, leisure operators and businesses in the hospitality industry do to protect themselves against the threat?
POS hardware is no stranger to cyber attacks, of course. One of the biggest examples of organised credit card fraud in history was carried out by notorious hacker Albert Gonzalez and his gang, who targeted vulnerable WiFi systems at retail outlets across the USA to steal card details straight from POS equipment. Gonzalez was eventually found guilty of stealing up to 90 million card numbers and using them to fraudulently buy millions of dollars worth of goods.
Since Gonzalez and his gang were at large in the late 2000’s, network security around POS hardware and solutions has improved significantly, and the handling of financial details is safer than ever.
Ransomware poses a different kind of threat to POS environment, however. In a ransomware attack, the object is not to steal customer’s financial details or other personal information. Instead, the idea is to bring the system down completely, using advanced encryption methods to shut users out, or else lock all of the files and programs within the system.
Being frozen out of their own POS system would have a devastating impact on any retailer or hospitality outlet, effectively suspending their ability to do business. The only way out is usually to pay the perpetrators to restore the system to normal - hence the term ‘ransomware’.
Ransomware variants designed specifically to target POS hardware are out there - several examples programmed to attack Sage platforms have been identified over the past 12 months. Security experts are also warning that ransomware viruses are becoming increasingly sophisticated and potent. One of the reasons WannaCry caused so much disruption was because it was special type of self-replicating virus called a worm, which can copy and distribute itself to attack new targets.
Keeping up to date
So what can POS operators do to protect themselves?
Another feature of WannaCry taught us all an important cyber security lesson. The reason it spread so quickly was because it targeted a known vulnerability in older versions of Windows - versions which Microsoft has stopped producing security patches for. The lesson is, if you want to stay safe from cyber attacks, keep your software platforms up to date, and keep on top of your security patches.
Other recommended steps include making regular backups of your system and storing them offsite. Then even if your system is attacked and you find yourself locked out, at least you can roll back to an earlier version you have access to. The self-replicating nature of WannaCry also gives us an example of how important network security is, and especially having robust firewalls in place. If you are going to offer customer WiFi, make sure your critical systems are protected with the very latest anti-viral protections.