Four Arrested in Connection with M&S, Co-op Ransomware Attacks

Four Arrested in Connection with M&S, Co-op Ransomware Attacks

The UK's National Crime Agency (NCA) has announced the arrest of four individuals suspected of being involved in a series of ransomware attacks that hit British retailers earlier this year. The suspects, aged 17, 19, 20, and 19, were apprehended at their home addresses in the West Midlands and London on suspicion of Computer Misuse Act offences, blackmail, money laundering, and participating in the activities of an organised crime group.

The arrests are a significant development in the investigation into the attacks, which targeted Marks & Spencer (M&S), Co-op, and luxury department store Harrods. M&S was the only retailer to have its systems encrypted with ransomware, resulting in estimated losses of £300 million for the company.

According to the NCA, the attackers managed to grab user data from M&S, as well as user and member data from Co-op. The London-based department store Harrods was able to fend off the attack, thanks in part to its robust cybersecurity measures.

The investigation is believed to be linked to two groups: Scattered Spider, a cybercriminal group that specializes in phishing, social engineering, and SIM swapping attacks, and the DragonForce ransomware-as-a-service (RaaS) cartel. The ages of the four arrested individuals suggest they may have been part of the loosely affiliated hacking collective.

"Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency's highest priorities," said Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit. "Cyber attacks can be hugely disruptive for businesses, and I'd like to thank M&S, Co-op, and Harrods for their support to our investigations."

While the arrests are a positive step in the investigation, experts warn that cyber attacks will continue to evolve and become more sophisticated. Juliette Hudson, CTO of CybaVerse, noted that "the techniques these actors used are now widely known across the world and other criminals will be dabbling with them – hoping to see the same success."

"However, the news also sparks a wider concern," Hudson added. "How can we stop teenagers turning to cyber crime and instead use their computing skills for good? As an industry, we must do more to lead the younger generation down the right path."

The NCA's National Cyber Crime Unit will continue to investigate the attacks and work with businesses to prevent future incidents.