cyber-attack

Four Arrested in £440M Cyber Attack on Major UK Retailers

Today in Tech

Today in Tech

3 min read
Q1 2025 Threat Landscape Report Reveals 75% Surge in Retail Ransomware
Q1 2025 Threat Landscape Report Reveals 75% Surge in Retail Ransomware

Four Arrested in £440M Cyber Attack on Major UK Retailers

In a significant development for cybersecurity in the retail sector, four individuals have been arrested in connection with a massive cyber attack that targeted major UK retailers Marks & Spencer, Co-op, and Harrods. The attacks, which occurred in April 2025, caused an estimated £440 million in damages and severely disrupted operations.

Q1 2025 Threat Landscape Report Reveals 75% Surge in Retail Ransomware

Q1 2025 Threat Landscape Report Reveals 75% Surge in Retail Ransomware

The Arrests and Investigation

The UK's National Crime Agency (NCA) announced the arrests, which took place across the West Midlands, Staffordshire, and London. The individuals arrested include two 19-year-old men, a 17-year-old male, and a 20-year-old woman. The arrests followed an extensive investigation into the cyber attacks that crippled the retailers' systems earlier this year.

Impact on Marks & Spencer, Co-op, and Harrods

The cyber attacks had a significant impact on the targeted retailers. Marks & Spencer (M&S) was particularly hard hit, with its website being taken offline following a ransomware attack. This disruption led to the removal of over 230 job vacancies and hampered in-store operations due to the failure of loyalty systems, handheld scanners, and internal apps. While details on the specific impact on Co-op and Harrods are still emerging, reports indicate that they also experienced significant operational disruptions.

Scattered Spider Connection

Security experts believe the suspects may be connected to the infamous hacking collective known as Scattered Spider. This group has been linked to previous high-profile cyber attacks, including those against gaming giants MGM and Caesars. Scattered Spider is known for its sophisticated and human-centric hacking techniques, making them a formidable threat to businesses. The DragonForce encryptor was reportedly used in the M&S attack, further linking it to this group.

The Growing Threat of Ransomware

This incident highlights the growing threat of ransomware attacks, particularly in the retail sector. Ransomware attacks involve hackers encrypting a company's data and demanding a ransom payment in exchange for the decryption key. These attacks can cause significant financial losses, reputational damage, and operational disruptions.

  • Manufacturing, information technology and healthcare are top targets of cybercriminals.
  • Ransomware attacks on the oil and gas industry increased dramatically between April 2024 and April 2025, spiking 935%.

Protecting Your Business and Yourself

To protect themselves from cyber attacks, businesses and individuals should take the following steps:

  1. Implement strong passwords and multi-factor authentication.
  2. Keep software and systems up to date with the latest security patches.
  3. Educate employees about phishing scams and other social engineering tactics.
  4. Invest in robust cybersecurity solutions, such as firewalls and intrusion detection systems.
  5. Regularly back up important data to a secure, offsite location.
  6. Develop a comprehensive incident response plan to address cyber attacks.

Key Takeaways

The cyber attacks on Marks & Spencer, Co-op, and Harrods serve as a stark reminder of the importance of cybersecurity in today's digital age. Businesses of all sizes must prioritize cybersecurity to protect themselves from the growing threat of cyber attacks. By taking proactive steps to improve their security posture, businesses can reduce their risk of becoming the next victim.

References

Read more