In recent months, the UK retail sector has been under siege by a surge in ransomware attacks, with high-profile companies such as Marks & Spencer (M&S), Co-op, and Harrods falling victim to these cybercriminals. These incidents have not only disrupted operations but also exposed significant vulnerabilities within the industry.
The Rising Tide of Ransomware Attacks
Between April and May 2025, several major UK retailers experienced significant cyberattacks, primarily attributed to the DragonForce and Scattered Spider ransomware groups. These incidents disrupted operations, compromised customer data, and highlighted vulnerabilities within the retail sector. (inreachgroup.co.uk)
In the first quarter of 2025, there was an 85% increase in ransomware attacks against UK retailers compared to the same period last year. This surge underscores the escalating threat landscape facing the retail industry. (bitdefender.com)
Explore the data solution with built-in protection against ransomware TrueNAS.
Case Studies: M&S, Co-op, and Harrods
Marks & Spencer (M&S):
On April 21, 2025, M&S customers began reporting issues with contactless payments and click-and-collect services. The company confirmed a cyber incident later that day, and by April 25, M&S suspended all online orders, halting a critical revenue stream that generates approximately £3.8 million daily. The attack, identified as a ransomware assault, encrypted key servers using the DragonForce ransomware tool, rendering systems inaccessible. The financial toll was severe: over £700 million was wiped off M&S’s market value, with shares dropping 6.5% in the week following the attack. (breached.company)
Co-op:
On May 2, 2025, Co-op disclosed a cyberattack that resulted in unauthorized access to personal data of current and former members, including names, contact details, and dates of birth. Financial data and passwords were not affected. The breach prompted the shutdown of certain IT systems to prevent further damage. (inreachgroup.co.uk)
Harrods:
On May 1, 2025, Harrods reported an attempted cyberattack, leading to restricted internet access at some sites as a precautionary measure. While no breach was confirmed, the incident raised concerns about potential vulnerabilities. (inreachgroup.co.uk)
The Attackers: Scattered Spider and DragonForce
The DragonForce ransomware group, believed to operate from Asia or Russia, has been identified as a significant threat actor behind these attacks. They employ sophisticated social engineering tactics to gain unauthorized access to systems, as seen in the M&S incident, where an attacker tricked a third party into resetting an M&S employee’s password, allowing unauthorized access. (techradar.com)
Similarly, Scattered Spider, a financially motivated group known for its social engineering capabilities, has been particularly active in the UK. (purecyber.com)
The Impact on the Retail Sector
These cyberattacks have had far-reaching consequences for the UK retail sector. The disruptions have led to stock shortages, operational halts, and a significant loss of consumer trust. For instance, M&S faced a £300 million loss in operating profit due to the April attack. (ft.com)
The Co-op experienced similar challenges, with the breach affecting back-office and call center operations, leading to a temporary shutdown of certain IT systems. (cyberproof.com)
Law Enforcement Response
In response to these incidents, UK police arrested four individuals under the age of 21 in connection with cyberattacks that targeted major retailers like M&S, Co-op, and Harrods. The National Crime Agency (NCA) led the investigation and has seized electronic devices for questioning by its National Cyber Crime Unit. (reuters.com)
Strengthening Cybersecurity Measures
The National Cyber Security Centre (NCSC) has issued guidance for companies to strengthen their cybersecurity defenses following these major retail cyberattacks. The guidance emphasizes the importance of robust cybersecurity measures to combat the growing threat of ransomware attacks. (bleepingcomputer.com)
Conclusion
The surge in ransomware attacks targeting UK retailers highlights the urgent need for enhanced cybersecurity measures within the industry. Retailers must prioritize the protection of customer data and operational systems to mitigate the risks associated with these evolving cyber threats.
References
Four under 21s arrested? Were they after the sweets or just practicing their coding skills on a grand scale? Perhaps retailers should offer cybersecurity apprenticeships instead of just stocking up on digital defenses?
That’s a great point! Cybersecurity apprenticeships could be a fantastic way to address the skills gap and offer opportunities to young talent while simultaneously strengthening retailers’ defenses. It’s a proactive approach that benefits both the industry and aspiring professionals. This is forward thinking and positive, thanks for the comment.
Editor: StorageTech.News
Thank you to our Sponsor Esdebe
The focus on social engineering by groups like DragonForce highlights the need for comprehensive staff training programs within the retail sector, addressing password security and phishing awareness.
Absolutely! The focus on social engineering underscores the importance of regular, engaging staff training. Perhaps gamified simulations could help keep employees sharp and better prepared to recognize and resist these attacks. What strategies have others found effective in their organizations?
Editor: StorageTech.News
Thank you to our Sponsor Esdebe
Given the rise in ransomware attacks, how are smaller retail businesses, without the resources of M&S or Harrods, expected to implement robust cybersecurity measures effectively? What affordable solutions exist?
That’s a crucial point! It’s a real challenge for smaller businesses. Focusing on preventative measures like robust password policies and multi-factor authentication can be very effective and relatively inexpensive. Cloud-based security solutions offer scalable and affordable options too. What other cost-effective strategies have smaller retailers found useful?
Editor: StorageTech.News
Thank you to our Sponsor Esdebe
The mention of social engineering tactics is particularly concerning. Could implementing AI-driven tools to analyze communication patterns and flag potentially malicious interactions offer an additional layer of defense against groups like DragonForce and Scattered Spider?
That’s an interesting idea! AI-driven analysis of communication patterns could certainly add another layer of defense. I wonder how smaller retailers could access such tech, perhaps through cybersecurity partnerships or subsidized programs. It would be great to hear of any success stories using AI in this space.
Editor: StorageTech.News
Thank you to our Sponsor Esdebe