Five Tips to Stop Ransomware from Crippling Your Restaurant’s POS System

POS systems are mission critical for restaurants and retailers. They feed sales information into revenue and accounting management systems and often handle inventory control, purchasing, receiving, and product transfers among locations. In addition, those systems typically link to information on sales, customer returns, reporting, and sales trends, as well as cost, profit, and price analysis. 

And while POS malware attacks continue to make headlines and wreak havoc with both brand reputations and profit margins, it’s becoming clear that an even greater threat is gaining ground, as cybercriminals continue to hold one municipality after another hostage for ransom. You don’t need a crystal ball to conjure up what could happen next. In fact, industry experts have recently noted that a cybercrime group known primarily for hacking retailers and stealing payment card details from POS systems has changed tactics and is now deploying ransomware to the POS system network.

What makes the threat of a ransomware attack so much more devastating than a “simple” malware attack? For one thing, typical POS malware must successfully persist on the target’s network for months while it siphons off credit card data. But a ransomware attack needs only minutes to execute its plan, shutting down the POS systems and effectively bringing the business and all revenue to a screeching halt.


Now imagine you’re that unlucky restaurant owner whose POS system has been hit with a ransomware attack. POS ransomware isn’t about paying to get your data back; it’s about paying to get access to your POS systems back in order to bring your business back to life. You’re losing millions of dollars a day in actual revenue—and potentially more in resulting data breach fines, reputational damage, and loss of customer loyalty. Would you pay tens of millions (or whatever it takes) to stop the bleeding?

The truth is, you could find yourself in such a situation far sooner than you think. That’s because, according to current estimates, U.S.-based credit card data can be sold by hackers for $15-$20 per card, depending on the data. If that sounds like less than you’d expect, here’s why: As data breaches become more prevalent, the market for stolen credit cards becomes flooded, thus driving the price down. What’s more, thanks to fraud detection and consumers cancelling their stolen cards as soon as they learn of a breach, stolen credit card data now has a fairly short shelf life. This is putting a lot of pressure on cybercriminals to find new revenue streams. A next-level malware/ransomware breach, however, could fit the bill by freezing the POS devices themselves, offering immediate monetization for the attackers—because ransomware only has to persist for a minute (versus months for malware) before the “rewards” start flowing.


Cybersecurity Ventures predicts that the global cost of ransomware-related damages will reach $20 billion by 2021—compared with $11.5 billion for 2019—which is another reason why it’s become more important than ever for retail organizations to stay ahead of cyber threats.

What can you do to prevent a ransomware attack from crippling your point-of-sale system? Start with this list of best practices that can help contribute to a solid retail cybersecurity strategy:

  1. Work with a managed security services provider that can provide 24/7 monitoring via a security operations center (SOC) to add expertise and resources to your IT security teams.
  2. Adopt a software-defined branch networking strategy to standardize security measures across all your stores and maximize threat detection and response at the POS level.
  3. Segment network traffic to lock down your POS systems from the rest of the network and implement a cloud-based managed firewall to protect both inbound and outbound traffic.
  4. Deploy co-managed SIEM (security information and event management) across the enterprise, including your stores, to provide early warning of cyberattacks.
  5. Invest in endpoint threat detection and response (EDR) to shorten the active window of a breach and limit the damage. It’s a small incremental investment that can provide tremendous peace of mind.

These five practices should all be considered part of an integrated cybersecurity solution. We recommend partnering with a managed security service provider that can deliver the people and technology to address each. With stolen credit card data value on the decline in the black market and the continued rise of ransomware attacks, restaurants and retailers are particularly vulnerable to ransomware.