A new wave of ransomware campaigns is specifically targeting point-of-sale (POS) systems used by small and midsize businesses, according to a joint advisory released this week by the FBI and CISA. The attacks are designed to exploit outdated software and default credentials in commonly used POS terminals, encrypting transaction data and crippling payment operations.
This trend marks a shift in focus from large enterprise environments to retail, hospitality, and small healthcare providers, where security is often less robust. Investigators report that attackers are deploying lightweight ransomware variants through remote desktop access and phishing emails. Once inside the network, the malware encrypts sales databases and demands payment in cryptocurrency to restore access.
In some cases, attackers also steal customer credit card data before launching the encryption phase, making these breaches even more damaging. Affected businesses experience not only financial losses but also reputational harm and potential legal consequences related to data protection laws.
What Should Small Businesses Do?
- Disable remote desktop access or secure it with strong authentication
- Regularly update POS firmware and software
- Replace default admin passwords with complex alternatives
- Segment POS systems from other network devices
- Maintain regular offline backups of transaction data
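The checklist above can be turned into a repeatable fleet audit. The script below is an added example, not code from the advisory or from CISA: it scores a constructed inventory of POS terminals against the five items (remote desktop hardening, firmware baseline, default admin passwords, network segmentation, offline backups). The firmware baseline, the POS VLAN number, the default-password list and the two sample terminals are all assumptions made up for the example; an operator would replace them with their own values. Passwords are compared only as SHA-256 hashes so the audit never has to hold plaintext credentials.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed baselines (assumptions for this example, not values from the advisory).
MIN_FIRMWARE = (4, 2, 0)        # oldest firmware the operator treats as patched
POS_VLAN = 20                   # VLAN reserved for POS terminals
MAX_BACKUP_AGE_DAYS = 7         # offline backups older than this count as stale


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed list of well-known vendor-default admin passwords, stored as hashes
# so the audit script never needs plaintext secrets.
DEFAULT_PASSWORD_HASHES = {sha256_hex(p) for p in ("admin", "1234", "password")}


@dataclass(frozen=True)
class Terminal:
    """One POS terminal as recorded in the operator's inventory (constructed schema)."""
    name: str
    firmware: str                     # dotted version string, e.g. "4.1.3"
    admin_password_sha256: str        # hash of the current admin password
    rdp_enabled: bool                 # remote desktop reachable at all
    rdp_nla: bool                     # Network Level Authentication required
    rdp_mfa: bool                     # second factor required for remote desktop
    vlan: int
    days_since_offline_backup: int    # -1 means no offline backup ever recorded


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.10.2' into (4, 10, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def audit(t: Terminal) -> List[str]:
    """Return a list of checklist findings for one terminal; empty means it passes."""
    findings: List[str] = []
    # 1. Remote desktop must be off, or protected by NLA plus a second factor.
    if t.rdp_enabled and not (t.rdp_nla and t.rdp_mfa):
        findings.append("remote desktop enabled without NLA and MFA")
    # 2. Firmware must meet the patched baseline.
    if parse_version(t.firmware) < MIN_FIRMWARE:
        findings.append(f"firmware {t.firmware} below patched baseline")
    # 3. Admin password must not match a vendor default.
    if t.admin_password_sha256 in DEFAULT_PASSWORD_HASHES:
        findings.append("admin password matches a vendor default")
    # 4. Terminal must live on the segmented POS VLAN.
    if t.vlan != POS_VLAN:
        findings.append(f"terminal on VLAN {t.vlan}, not the POS segment")
    # 5. An offline backup must exist and be recent.
    if t.days_since_offline_backup < 0 or t.days_since_offline_backup > MAX_BACKUP_AGE_DAYS:
        findings.append(f"no offline backup within the last {MAX_BACKUP_AGE_DAYS} days")
    return findings


def audit_fleet(terminals: Iterable[Terminal]) -> Dict[str, List[str]]:
    """Audit every terminal and map its name to its findings."""
    return {t.name: audit(t) for t in terminals}


# Constructed sample inventory: one hardened register and one left at factory state.
SAMPLE_FLEET = [
    Terminal("register-01", "4.2.1", sha256_hex("L0ng-Unique-Passphrase!"),
             rdp_enabled=False, rdp_nla=False, rdp_mfa=False, vlan=20,
             days_since_offline_backup=2),
    Terminal("register-02", "3.9.0", sha256_hex("admin"),
             rdp_enabled=True, rdp_nla=True, rdp_mfa=False, vlan=1,
             days_since_offline_backup=-1),
]


if __name__ == "__main__":
    for name, findings in audit_fleet(SAMPLE_FLEET).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Run as a script it prints one line per terminal; `register-01` passes every check and `register-02` fails all five. The design choice worth noting is that the checks operate on inventory data rather than probing live terminals, so the audit can run during business hours without touching the payment path.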
CISA has released a free security checklist tailored to small retail businesses, along with guidance on responding to ransomware incidents without paying the ransom. Law enforcement encourages all victims to report incidents to help track the evolving threat landscape.
This surge in POS-targeted attacks reinforces the need for cybersecurity vigilance at all levels of business. While small companies may feel overlooked by cybercriminals, they are now squarely in the crosshairs.