Retailer Co-op narrowly avoided paralyzing ransomware attack – media


Unlike M&S, rival British grocery chain Co-op managed to escape the worst outcome after cybercriminals attacked several UK retailers. That’s what the hackers themselves revealed to the BBC.

M&S is still suffering after an Easter cyberattack compromised its systems – the retailer can’t carry out online orders almost three weeks after the hit, and some shops have had issues with contactless payments and literally empty shelves.

The company isn’t officially confirming it, but most cyber experts are quite sure it’s dealing with ransomware, a type of attack where hackers paralyze the target’s computer systems and demand payment in exchange for leaving them be.

The Co-op chain was also attacked. However, the firm said on Wednesday that its systems were already running normally and promised improved stock availability in stores and online from this weekend.

The chain also said it had immediately restricted access to its systems to protect itself from the cyberattack. That would explain why Co-op is recovering more quickly – and that’s actually how the culprits themselves explained the state of play to the BBC.

Hackers, who claim responsibility for both attacks, told the British public broadcaster they tried to infect Co-op systems with ransomware but failed when their attack was discovered in real time.

According to the criminals quoted by the BBC, the company “yanked their own plug – tanking sales, burning logistics, and torching shareholder value.”

Industry experts, though, say that was the right move because the disruption was self-imposed and short-term rather than criminal-imposed and long-term. Bank of America estimates that the fallout from the hack is costing M&S £43 million ($57 million) a week.

In both cases, personal customer data was stolen and could include phone numbers, home addresses, and dates of birth – but not payment or card details or passwords. Customers should nevertheless reset their account details and be wary of potential scammers.

The hackers who contacted the BBC say they are from DragonForce, which operates an affiliate cybercrime service, meaning that anyone can use their malicious software and platform to carry out attacks.

According to Halcyon researchers, DragonForce’s public stance strongly implies “a close alignment – or even allegiance – with the Russian Federation.”

Indeed, in a post on a dark web forum, DragonForce has recently warned affiliates not to use its ransomware against targets in Russia or any former Soviet state.

And last year, Group-IB’s researchers said that DragonForce enforces specific rules prohibiting attacks on hospitals, critical infrastructure, and non-profit organizations in Russia and other countries belonging to the Moscow-led Commonwealth of Independent States.