How Restaurant Operators Can Defend Against Ransomware

It’s a restaurant operator’s worst nightmare. You have stores full of patrons, and no way to collect their money because the POS system has been hijacked by ransomware. That’s how the McMenamins restaurant and hospitality chain closed out 2021, a banner year for ransomware attacks. The bad news is that, according to most predictions, 2022 will be worse as gangs organize and focus on SMBs.

McMenamins confirmed the attack, reporting that ransomware locked the company’s systems and potentially exposed sensitive employee data. While customer data was not exposed, the company’s operations, including corporate email and point of sale systems, were affected.  

What Is Ransomware?

Ransomware is a type of malware that encrypts data, preventing you from accessing it until you unlock it with a decryption key. Today’s ransomware attacks have three stages. First, the attacker – frequently a Russian-based malware gang – penetrates your network by exploiting a vulnerability. That vulnerability could be an unprotected remote access port, unpatched software somewhere in your systems, or a door opened by an unwitting employee clicking on a malicious link in a phishing email.

Next, the attacker scans your network and plants the ransomware on servers, POS systems or PCs, while at the same time stealing sensitive data such as employee records with Social Security numbers.

Finally, the cyber criminal activates the malware, which spreads throughout your connected systems, encrypting data and flashing ransom notes on affected system screens. The ransom is “double headed” – pay up to get a decryption key so you can recover your data, and pay up to keep the attacker from releasing your stolen data for sale on the dark web.

Steps You Can Take to Protect Against Ransomware

Unfortunately, neither firewalls nor anti-virus software can completely protect a store or headquarters’ operations against ransomware, and there is no one perfect “silver bullet” that will protect you 100%. Anyone who has access to email is a source of ransomware risk through phishing attacks. 

However, there are steps you can take to reduce your risk of a ransomware attack. At headquarters and at store locations, your first line of defense should be a robust backup process. The more frequently you back up data, the less exposure you have. Backups should happen at least daily, and the backup data should be stored somewhere off your network, so it can’t be compromised in an attack.

Here are other ways to add security to your operations to protect against ransomware:

  • Train employees who access email not to open suspicious emails, click on links in those emails, or open attachments, and test them frequently. Phishing email is the primary way that ransomware gets onto a device in your network. From there it will spread laterally to infect other devices.
  • Embrace zero trust network access and multi-factor authentication. 
  • Prioritize vulnerabilities that matter and patch operating system and application software frequently. 
  • Consider endpoint protection solutions that not only detect and act against suspicious behavior but can actually prevent malware from executing.
  • Isolate guest Wi-Fi from your main network. This will protect against accidental installation of ransomware by drive-by infection (accessing an internet site that uses that connection to infect your network).
  • Further segment your restaurant networks to isolate POS systems, back-office PCs, and file servers, helping to prevent spread of malware in the event of an attack. 
  • Lock down your mobile POS devices so they can only access applications needed for your restaurant.
  • Gain visibility into all traffic leaving the network. This can reveal the presence of other malware or malicious activity. For example, consistent traffic going to a country that you have no known reason to communicate with can indicate malicious software is exfiltrating data to another computer.
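
The outbound-traffic check in the last item can be sketched in a few lines. This is an added example, not part of the original article: the flow-record format, device names, prefix-to-country table and the "ZZ" country code are all constructed for illustration, and a real deployment would read firewall or NetFlow logs and use a GeoIP database.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed prefix-to-country table (documentation address ranges).
# "ZZ" is a placeholder for a country the business has no reason to reach.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "ZZ",
    ipaddress.ip_network("203.0.113.0/24"): "ZZ",
}
EXPECTED = {"US"}  # assumption: destinations with a known business purpose

# Constructed flow records: time, source device, destination IP, bytes sent
SAMPLE_FLOWS = (
    [f"2022-01-10T{h:02d}:05:00 pos-01 203.0.113.7 {40000 + h}" for h in range(9, 15)]
    + [f"2022-01-10T{h:02d}:10:00 pos-01 192.0.2.10 1200" for h in range(9, 15)]
    + ["2022-01-10T11:30:00 backoffice-pc 198.51.100.9 800"]
)

def country_of(ip, geo=GEO):
    """Map a destination IP to a country code using the lookup table."""
    addr = ipaddress.ip_address(ip)
    for net, cc in geo.items():
        if addr in net:
            return cc
    return "??"  # unknown destinations are treated as unexpected

def flag_unexpected_egress(lines, expected=EXPECTED, min_hours=4):
    """Return (device, country, hours_seen, total_bytes) for devices that send
    traffic to an unexpected country in at least min_hours distinct hours."""
    hours = defaultdict(set)
    sent = defaultdict(int)
    for line in lines:
        ts, device, dst, nbytes = line.split()
        cc = country_of(dst)
        if cc in expected:
            continue
        key = (device, cc)
        # Count distinct clock hours so one burst does not look "consistent"
        hours[key].add(datetime.fromisoformat(ts).strftime("%Y-%m-%d %H"))
        sent[key] += int(nbytes)
    return sorted(
        (dev, cc, len(h), sent[(dev, cc)])
        for (dev, cc), h in hours.items()
        if len(h) >= min_hours
    )

if __name__ == "__main__":
    for dev, cc, n, total in flag_unexpected_egress(SAMPLE_FLOWS):
        print(f"{dev}: {total} bytes to {cc} across {n} separate hours")
```

Requiring traffic in several separate hours is what separates the steady pattern described above from a one-off connection, such as the single back-office request in the sample data.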

In the restaurant business, you have more at risk from a ransomware attack than data and the cost of mitigation. There’s also the lost revenue from when your systems are offline, which can be days or even months in the case of ransomware attacks. With that lost business can come reduced brand loyalty and customer confidence. 

With ransomware gangs reorganizing to target small and mid-sized businesses, restaurants included, constant vigilance and advanced tools are the order of the day. Small and mid-sized restaurant brands may consider working with a managed security service provider (MSSP) for cybersecurity expertise and 24/7 monitoring of their store and enterprise networks.