The Shadow of Ransomware on the Festive E-Shopping Season

The year-end holiday season is both festive and highly active for consumers and retailers. The former, on the one hand, want to relax and celebrate with their loved ones, and, on the other hand, want to take advantage of the many deals offered by retailers. The latter enjoys peak sales, but must work hard to beat competition in attracting customers.

Another factor makes festive shopping a tense period for e-commerce retailers. Hackers are targeting e-commerce platforms year-round. We have seen more than enough proof of that this year. The attack on M&S, to give just one example, is expected to reduce annual profits by £136m compared with last year. They were hit in the second quarter of the year, when ransomware attacks grew 113% year over year compared to the second quarter of 2024. Being hit early in the year leaves hope of bouncing back with the year-end sales.

But what if this trend continues and a successful attack comes during the most critical final quarter? Just imagining the potential loss is enough to make any retail executive nauseous.

Cybercriminals plotting ransomware attacks certainly consider the importance of the fourth quarter. High-profit opportunities come with greater pressure. During this time, one is more likely to pay the price of keeping the business going and agree to higher payouts. Retailers have hopefully done their homework in preparing to get ahead of these threats. But no one is completely secure, and the main battles are being fought right now.

What to know about ransomware in 2025?

Ransomware attacks are nothing new—they have been around at least since the late 1980s. However, as software and network security evolve, so does the threat of malicious software.

Major shifts, of course, come from advances in AI-enhanced cyberattacks. For example, Microsoft reports a 195% global increase in the usage of AI-generated identities. Scammers use AI to fake IDs, websites, and even deepfake videos to go through live checks.

At least two major ransomware attack vectors emerge here. Firstly, threat actors can fake the identities of company employees, including CEOs, to gain access to internal networks. Secondly, they can spoof entire companies to masquerade as third-party service providers. One takes no issue with signing all the data-handling and non-disclosure agreements you want when using a fake ID.

Another, partly related, major concern is the rise of ransomware-as-a-service (RaaS). Just like the legal software-as-a-service model, its dark counterpart utilizes cloud computing to provide a subscription-based access to software. Except the software is specifically designed for cybercrime in this case.

Thus, today, e-commerce and other businesses are threatened by a broader range of potential assailants. Well-organized crime syndicates and individual hackers capable of building their own tools are joined by scattered solo criminals who only need to use the software already developed by others.

The threat of ransomware is bouncing back with new force; e-commerce platforms need to be prepared. What can retailers do to protect themselves while still doing business in, as the song goes, the most wonderful time of the year?

Staying safe while making year-end profit

Warding off ransomware attacks during the peak period is a mixture of preparation before Black Friday starts knocking at your door, and operational vigilance during it. Even if you are late with the steps that should ideally be done in advance, there are still important measures to consider as seasonal shopping fever rages.

Backing up crucial files

Improved backups are why ransomware encryption attacks, in which assailants encrypt crucial operational files and demand payment to restore business operations, are on the decline. As more companies wake up to this, attackers lose one of their major bargaining chips when extorting payments.

Festive shopping is when being up and running is beyond critical for e-commerce retailers. As major platforms will definitely have backups in place, attackers will target medium-sized businesses more. You don't want to be the one company that loses all its business to competitors because of a simple failure to back up files. Even if you are late to this, look into ways to back up your files as soon as possible without disrupting your clients' Christmas shopping.

Contact authorities for potential decryption keys

Even retailers who already find themselves at the losing end of a successful ransomware attack without good enough backups still have an option. Governmental agencies might have already decrypted some of the encryption used in ransomware attacks. For example, in 2024, the FBI announced that they have over 7,000 decryption keys that could help victims of the cybercrime group Lockbit decrypt their files.

Retailers who find themselves hacked should not panic and contact the FBI or other crime-fighting agencies immediately. While there is no guarantee, you have a chance of getting your business running without paying any ransom and in time to benefit from festive shopping.

Open-source intelligence gathering

In preparation for the peak e-commerce season, it is crucial for retailers to do their research. A lot of information about the newest ransomware and other campaigns is available online. Cybersecurity media outlets and forums might give you a sense of the threats out there and how to protect against them.

For a more comprehensive look at the threat landscape, you might want to use open source intelligence (OSINT) gathering and analysis tools. An automated approach also helps e-commerce businesses detect if they are already exposed, for example, by someone selling their leaked data on the dark web.

Increased vigilance during the peak period

Finally, e-commerce shops need to brace for the festive shopping season with increased vigilance. Constantly retraining employees to help them recognize phishing attempts is crucial. They need to be aware of the evolving dangers of social engineering attacks, especially during year-end shopping when urgency is felt everywhere.

Once, it was safer for those who conduct business in a language other than English, because phishing attempts were poorly translated into their language. With AI's improved multilingual capabilities, scammers can now craft convincing messages in any language. AI's improved language capabilities should especially concern European retailers. Europe is already the primary eCrime target, with 22% of victims on dedicated leak sites being from this region.

Generally, as the end of the year approaches and pressure to meet revenue targets increases, retailers must not let their guard down. On the contrary, to avoid the threat of ransomware, security procedures must be followed more rigorously than ever.

In conclusion

Ransomware is a major threat to e-commerce retailers this festive shopping season, accelerated by AI and other technological advancements. Attacks on major companies this year have shown that no one is completely safe. With convincing phishing schemes and ransomware tools becoming more accessible, small and medium businesses, as well as retailers in smaller markets, must also be vigilant. High-quality decision-making, even during sales fever, comes from preparation, intelligence gathering, and the resolve to adhere to standards.