# ZTNA minimizes retailers' holiday ransomware threats

By [Ben Forster](https://www.paloaltonetworks.com/blog/author/ben-forster/?ts=markdown "Posts by Ben Forster") | Nov 19, 2021 | 5 minutes

Holiday shopping season is here, which means retail organizations find themselves in the crosshairs of ransomware groups. And, if the past year [has been any indication](https://www.paloaltonetworks.com/blog/2021/08/ransomware-crisis/), organizations of all brands can look forward to higher attack frequency and potency.

Although US and Western governments [have cracked down significantly on ransomware groups](https://start.paloaltonetworks.com/unit-42-ransomware-threat-report.html) since the wave of disastrous ransomware attacks, including the Colonial Pipeline attack earlier this year, [the allure of monetization](https://register.paloaltonetworks.com/2021unit42ransomwarethreatrep) keeps new and evolving groups coming back into the fold.

Retailers, manufacturers, and organizations with seasonal revenue dependencies simply can't afford network downtime over the holidays. When point-of-sale systems, branch location connectivity, or payment servers go down, companies lose money and customers to competitors who may be operating just fine.

On top of potential lost revenue, ransomware groups target retailers they know can't afford downtime. Ransomware groups meticulously scour companies' public financial statements, competitor information, and insurance coverage to identify worthy victims and decide how much they will charge to extort retailers for regained access to critical systems or data.

Recently, we've seen the [rise of various groups](https://unit42.paloaltonetworks.com/emerging-ransomware-groups/) targeting VPN vulnerabilities and unpatched internet-facing servers, and leveraging commonly used Windows persistence mechanisms to hide on corporate networks.

## **How ransomware groups exploit retail networks**

Ransomware groups generally use many of the same tactics used by other criminal and state actors to access corporate networks. These include conducting brute force attacks on passwords, gaining entry through unpatched internet-facing servers and services, or connecting via uninspected [VPNs](https://www.paloaltonetworks.com/blog/2021/06/why-hackers-like-your-remote-access/).

However, the holiday season brings a seasonal twist to the tried and true tactics malicious actors use to gain illicit network access, including the use of [squatting domains](https://unit42.paloaltonetworks.com/cybersquatting/), or websites designed to look like legitimate shopping sites; fake gift purchase emails; or spoofed credit card fraud alerts that trick users into supplying credentials on phishing sites.

In fact, spear phishing remains one of the most popular methods of credential theft, and clever attackers love to use the lure of a free holiday gift card to load malware onto user devices. Compromised credentials allow attackers to cloak their network movements behind trusted user behavior, moving laterally to other retail networks, servers, and applications.

Where ransomware groups differ from other malicious actors, though, is what happens after they gain network access. Once inside, ransomware groups focus on encrypting sensitive files and holding them for ransom, requiring victims to pay exorbitant amounts of money to access business-critical data or tools required to conduct business.

While any sort of illicit behavior on corporate networks is bad for business, a ransomware attack, especially during the holidays, can wreak substantial financial and reputational havoc for retailers.

## **5 steps to protect retail operations from ransomware attacks**

Retailers aren't destined to be ransomware victims. With the five following network management and security best practices, they can fortify their networks against opportunistic infiltration attempts during the holiday season.

1. **Restrict access for superuser or privileged accounts.** These usernames and passwords are often the most sought after by attackers as they enable access to a business's most important resources.
2. **Conduct a quick audit of the remote desktop systems used to access corporate resources.** If the remote desktop system isn't essential, consider disabling it.
3. **Provide extra monitoring** for mission-critical systems and high-risk users.
4. **Enable multi-factor authentication (MFA).** This is especially important for remote users as they experience higher instances of device and credential compromise.
5. **Back up critical systems and air gap them from the network.** If attackers can reach backups, they'll target those for encryption as well.

## **What is a retailer's best defense for ransomware attacks? A Zero Trust mindset.**

A retailer's best defense for ransomware attacks is embracing an effective Zero Trust mindset. Based on [Zero Trust best practices](https://www.paloaltonetworks.com/blog/2021/05/time-for-zero-trust/), a Zero Trust mindset includes deploying products and policies that enable you to verify all users, devices, and applications; applying context-based access; securing all content; and monitoring users continuously.

Given that VPN, remote desktop, and internet-facing applications are among the most popular ways for ransomware groups to gain network access, securing these access points with zero trust network access ([ZTNA](https://www.paloaltonetworks.com/sase/ztna)) technologies is a good starting point for retailers to begin their zero trust journey.

An effective [ZTNA solution](https://www.paloaltonetworks.com/sase/access), also known by many as a software-defined perimeter (SDP), does the following:

* **Cloaks all internet-facing servers, applications, and services behind a single cloud-delivered service.** Attackers can't attack what they can't see, and this prevents brute-forcing of exposed servers.
* **Performs pre-connect device inspection.** Before authenticating a user's access to a resource, the solution evaluates the security posture of the connecting device for signs of compromise or attacker persistence.
* **Provides identity-based access control.** An effective ZTNA solution integrates with all of your identity stores to implement role-specific, contextually adaptive policies regardless of where or how a user is connecting: managed or unmanaged device, at the office or from home.
* **Defaults to a deny posture.** Only grant access to applications and services that the user has been explicitly authorized to access. Even once a user is authenticated, access should be granted to only specific services based on need-to-know.
* **Executes continuous post-connect monitoring.** Even after a user has been granted access to a resource, ZTNA solutions inspect the user's traffic for signs of data loss, malware, or attempted lateral movement and reconnaissance.
* **Includes credential theft prevention.** Advanced ZTNA solutions can detect and prevent users from supplying credentials to malicious websites by scanning username and password submissions on webpages against active corporate credentials.

There are plenty of things for retailers to think about during this holiday season, but figuring out how to reclaim data, files, or even the ability to run their business from a ransomware group doesn't need to be one of them. The proper preparation and Zero Trust know-how may be the difference between having a holiday season that is more merry and bright versus scary and a fright.

Check out how Prisma Access leads the pack for ZTNA in the [2021 Forrester New Wave™: Zero Trust Network Access](https://start.paloaltonetworks.com/ztna-new-wave-report) report.
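
The pre-connect inspection, identity-based control, and default-deny items in the ZTNA list above can be read as one access decision. The sketch below is an added example, not code from the original post or from any Palo Alto Networks product; the roles, application names, posture fields, and thresholds are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy table (assumption): role -> applications explicitly granted.
ROLE_GRANTS = {
    "store-manager": {"pos-admin", "inventory"},
    "cashier": {"pos-terminal"},
    "finance": {"payments-console", "inventory"},
}
# Applications that additionally require a managed device (assumption).
HIGH_RISK_APPS = {"pos-admin", "payments-console"}


@dataclass
class Device:
    managed: bool
    disk_encrypted: bool
    edr_running: bool
    os_patch_age_days: int


@dataclass
class Request:
    user: str
    role: str
    mfa_passed: bool
    device: Device
    app: str


def posture_failures(device: Device, max_patch_age: int = 30) -> list[str]:
    """Pre-connect inspection: list every posture check the device fails."""
    failures = []
    if not device.edr_running:
        failures.append("endpoint protection not running")
    if not device.disk_encrypted:
        failures.append("disk not encrypted")
    if device.os_patch_age_days > max_patch_age:
        failures.append(f"OS patches older than {max_patch_age} days")
    return failures


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Every path that is not an explicit grant denies."""
    failures = posture_failures(req.device)
    if failures:
        return False, "device posture: " + "; ".join(failures)
    if not req.mfa_passed:
        return False, "MFA not completed"
    if req.app not in ROLE_GRANTS.get(req.role, set()):
        return False, f"role '{req.role}' has no grant for '{req.app}'"
    if req.app in HIGH_RISK_APPS and not req.device.managed:
        return False, f"'{req.app}' requires a managed device"
    return True, "explicit grant"


if __name__ == "__main__":
    byod = Device(managed=False, disk_encrypted=True, edr_running=True, os_patch_age_days=5)
    print(decide(Request("raj", "finance", True, byod, "payments-console")))
```

Posture is checked before identity, so a device that fails inspection never reaches the grant lookup, and an unknown role falls through to a denial rather than to a default allowance.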