Co-op Cyber Attack Foiled: How the Retailer Shut Itself Down to Stay Safe

Hackers claiming responsibility for the breach say the Co-op escaped a devastating ransomware attack that could have rendered its IT systems totally inoperable. The attackers said that although they were able to breach the retailer’s network and take sensitive consumer information, Co-op’s quick response prevented them from deploying ransomware.

Compared to fellow UK retailer Marks & Spencer (M&S), which reportedly sustained more extensive damage, the Co-op seems to have recovered more quickly thanks to this prompt response. Serious disruptions, such as the continued suspension of online services, are still plaguing M&S.

Co-op Attack Thwarted Midway: Defensive Move Explained

The hacker collective, purportedly connected to the cybercrime service DragonForce, said that Co-op’s IT department shut down internal systems as soon as any questionable activity was discovered. Because of this forceful shutdown, the criminals were unable to deploy ransomware, which scrambles files and demands payment for system restoration.

“Co-op’s network has never experienced ransomware,” the hackers said in a message filled with profanity. “They pulled their own plug – ruining sales, destroying logistics, and destroying shareholder value.”

Security professionals have commended the way Co-op has handled itself, even though neither M&S nor Co-op has released a statement to the press.

Expert View: Immediate Disruption for Long-Term Gain

According to the Ransomware Task Force, this was a “wise” and strategic move on the part of Co-op.

“Co-op decided against a longer, criminally enforced disruption in favor of a brief, self-imposed one. They appear to have benefited from that choice,” she said.

Since cyberattacks frequently develop quickly after hackers breach a system, such decisions are usually made under intense pressure. The hackers said that they had been inside Co-op’s network for a long time before being discovered and removed.

Data Theft Confirmed: Ransomware Attack Foiled

Despite the ransomware deployment’s failure, a significant amount of private customer data was stolen by the attackers. They stated that the abrupt shutdown prevented them from implementing their plan to encrypt the systems.

Similar to what is happening at M&S, Co-op would have had to deal with a far more challenging and expensive recovery if the ransomware had been successfully executed.

M&S Was Hit Hard: The Aftereffects of the Easter Weekend Attack

The M&S hack over the Easter weekend, too, was traced to this group. The majority of cybersecurity experts believe ransomware was used, even though M&S has not confirmed this. The company hasn’t denied those claims either.

Nearly three weeks later, M&S is still coping with major disruptions. A number of physical locations continue to struggle with empty shelves and broken contactless payment systems, and online orders are still suspended.

On Tuesday, M&S admitted that hackers obtained personal information, including birth dates, phone numbers, and addresses. Although passwords and payment information were safe, consumers were cautioned to change their login information and watch out for scams.

M&S loses £43 million every week, according to a Bank of America analysis.

Co-op’s Recovery Underway but Challenges Remain

In contrast, Co-op stated that by the weekend, its store shelves should be back to normal. However, experts think the attack’s effects will last.

According to Professor Oli Buckley of Loughborough University, “their prompt action helped mitigate some of the immediate damage, but rebuilding customer trust will take longer.”

“They must show that they have improved their systems and learned from this.”

Broader Threat: UK Retailers Targeted by DragonForce

The same cybercrime gang has also claimed responsibility for the hacking attempt on Harrods, another prominent UK retailer. The hackers say they are linked to DragonForce, a service that lets affiliates launch attacks using its infrastructure and ransomware tools.

The precise identities of the service’s users are still unknown, but cybersecurity experts say the methods are similar to those of the loosely organized Octo Tempest or Scattered Spider hacker collectives, which are notorious for launching coordinated, persistent attacks against big businesses.

This group is made up of young, English-speaking people, some of whom are reportedly still in their teens, and it is said to operate on Telegram and Discord.

In their text exchanges, the hackers claimed that two members use the aliases “Raymond Reddington” and “Dembe Zuma,” referring to fictional characters, and presented a fluent English-speaking “spokesperson.”

Key Takeaways

  • By detecting the ongoing cyberattack and shutting down its systems, Co-op avoided a ransomware lockout.
  • Customer data was stolen, although service recovery has started.
  • There are still significant disruptions at M&S, which was probably infected with ransomware.
  • Harrods and other UK retailers are being targeted by DragonForce hackers.
  • Long-term security upgrades and prompt, transparent responses are crucial, according to cybersecurity experts.

Supplier to Major Supermarkets Hit by Cyber Attack

A UK-based distributor that supplies large supermarkets says cybercriminals are currently holding it to ransom.

A ransomware attack was confirmed by Peter Green Chilled, a logistics company that supplies Tesco, Sainsbury’s, Lidl, and Aldi. Because it supplies these big retailers, it has a significant impact, even though it is not one of the top 30 food distributors in the UK.

Ongoing Updates and Delivery Challenges

The business informed Wake Up to Money that customers are getting frequent updates and “workarounds” to continue deliveries in spite of the interruption.

One of Peter Green Chilled’s clients, Wilfred Emmanuel-Jones, founder of Black Farmer, voiced concern that if deliveries are delayed, thousands of his palletized goods may be wasted.

Details of the Ransomware Attack

Tom Binks, the Managing Director of Peter Green Chilled, reported that the ransomware attack occurred on Wednesday night. According to the company, orders prepared on Wednesday would still be shipped, but no new orders would be processed on Thursday.

Mr. Binks remarked despite the assault. The firm, however, refused to provide any further remarks on the cyber attack.

Impact on Suppliers and Products

Peter Green was said to be holding meat products, “enough to fill about ten pallets,” belonging to Mr. Emmanuel-Jones. As he stated, if the items weren’t delivered to the store in time, they would need to be disposed of.

Adding that “ten pallets mean thousands and thousands of packs of products sitting there,” he underlined that “the clock is ticking.” “We don’t have any information.” Goods worth thousands of pounds are being wasted as the supply chain comes to a complete halt.

Broader Context: Recent Cyberattacks on Retailers

The new cyber incident comes after Co-op and Marks & Spencer, two prominent UK retailers, were attacked by cybercriminals.

In an attack that depleted stock and saw customer data stolen, Co-op narrowly avoided being locked out of its computer systems.

In the second attack, a group of cybercriminals announced that they had hit the Marks & Spencer network. As a result, the store was left without products on the shelves and customers’ data was stolen. M&S has acknowledged a cyber incident; however, the company has not made details about the nature of the breach available.

UK Legal Aid Cyber Attack Exposes Personal Data

A major cyberattack compromised a substantial amount of personal information belonging to individuals who have applied for legal aid in the UK since 2010, the Legal Aid Agency disclosed on Monday.

Attack Discovered in Late April

The agency stated that it has been collaborating with the National Crime Agency (NCA) to conduct an investigation since learning about the breach on April 23. But by Friday, things were worse than first thought. The agency was forced to shut down its online services after hackers obtained sensitive data.

Data Accessed by Hackers

According to the organization, the cybercriminals may have obtained access to:

  • Complete names and addresses
  • Birth dates
  • National identification numbers
  • Financial information, such as payment history, contribution amounts, and debt records

Immediate Response and System Shutdown

The Legal Aid Agency’s CEO, Jane Harbottle, said:

“My team has been working nonstop with the National Cyber Security Centre (NCSC) to fortify our systems and keep providing essential services since learning about the breach.”

In order to safeguard users and the integrity of the service, she added, the online platform had to be shut down.

Contingency Plans in Place

The agency reassured the public that legal support services are still accessible and that backup plans have been put in place to help those in need despite the disruption.

Recent Wave of Cyber Attacks

Similar cyberattacks on Co-op and Marks & Spencer (M&S), two significant UK retailers, occurred in April before this incident. In those instances, hackers pretended to be staff members in order to gain access to IT help desks, according to tech website Bleeping Computer.

M&S, which halted its online activities, acknowledged earlier this month that personal customer data had been stolen in a ransomware attack, in which hackers encrypt systems and demand money to unlock them.

Inside the Cyber Siege: How a UK Council Was Held Hostage by Hackers

An IT engineer hurried through the icy streets of Redcar, northeast England, in the peaceful, predawn hours. A concerning alert about the council’s computer infrastructure caused the urgency. He started shutting down servers as soon as he got there in an effort to stop a virus from spreading throughout the system. But the damage was done.

After breaking into the IT systems of Redcar and Cleveland Council, hackers demanded a ransom to unlock important data. Numerous services were interrupted by the February 2020 cyber attack, including social services, child protection, and garbage collection.

The council’s then-leader, Mary Lanigan, recalled, “I received a call stating that we had been hit.” “Every system we had was utterly destroyed.”

Similar attacks have compromised customer data and left shelves empty in recent months, targeting major retail chains like M&S and the Co-op. Ciaran Martin, the former head of the National Cyber Security Centre (NCSC), however, voiced a more serious worry: coordinated attacks that could “wreck lives” by going after public institutions like hospitals and local councils.

The development of the cyberattack, the response efforts, and the impact on the community were all thoroughly examined in an investigation into the events that transpired in Redcar and Cleveland.

A council employee received an email with an innocent-looking attachment in the days leading up to Saturday, February 8, 2020. The malware that infected it was made to stay hidden until it was remotely activated. When activated, it

The council’s website was out of operation by 11:00 GMT on Saturday, insiders said.

“There wasn’t much we could do,” Lanigan admitted. “We had to maintain realism. We had to bring in extra phones so that people could at least call us.”

Lanigan, who would later lose her council seat in the local elections of 2023, said she was under pressure to remain silent from both the council and the central government as the story gained traction.

In response to a request for comment, the council said that no request or directive to withhold information had ever been made, either at that time or since.

Lanigan acknowledges now that a major crisis was imminent. “Heartbreaking,” she said. “Everyone suffered, including the public, our employees, and ourselves.”

The attack paralyzed key services. Social and senior care systems collapsed, communication with the police and NHS was cut off, and even basic duties like answering calls about missed bin collections went unattended.

Cyber Siege: From Redcar to Russia

A nasty cybercrime network took control of a local council during the disastrous cyber incident that made the council powerless.

On Monday morning, February 10th, IT staff began searching office desks and gathering compromised computers into an expanding pile. “We knew recovery could take weeks—or even years—when we saw the extent of the destruction,” said Ben Saunders, an IT staff member.

At the same time, representatives of the NCSC, a division of GCHQ, were assessing the council’s urgent appeal for help.

Martin, who led the NCSC at the time, called the incident “exceptionally grave.”

“It is an emergency that should be given top priority when a local authority raises concerns about its capacity to assist children who are at risk.”

Social workers tasked with protecting at-risk youth were essentially paralyzed without access to case files and digital tools. The NCSC made the unusual decision to send staff straight to Redcar after realizing how serious the situation was.

The hackers made a ransom demand on Tuesday, February 11th, two days after the discovery of the cyberattack. Although the precise amount is still unknown, Martin estimated that, based on comparable previous attacks, it was probably in the low millions of US dollars.

At the time, there was no legal prohibition against paying ransoms, despite the UK government’s advice to the contrary. Lanigan was adamant about refusing, though.

She said, “I’m a Yorkshire woman.” “And I had no intention of giving criminals any money.”

On February 12th, the UK government convened a COBRA meeting, a mechanism used to initiate responses to national emergencies.

Lanigan recalled, “That’s when the enormity of it all hit home.” “This wasn’t a single hacker playing around in their bedroom.”

The council switched back to paper-based workflows after digital operations were completely destroyed. Progress came to a complete stop, or moved at only the slightest pace.

The Human Cost

The fallout was very personal for Paul and Clare, who live in Redcar. Living with a functional neurological disorder, Clare required ongoing support services and council-provided medical equipment.

Paul remarked, “We spent hours stranded on the phone.” “Handwritten notes were used when people eventually arrived to assist; none of it was being entered into the system.” There was mayhem.

Months passed without vital support as a result of the delays. In the end, Paul quit his job to take full-time care of Clare.

Council employees, meanwhile, put in endless effort to restore the broken system. Within weeks, a temporary social services setup was put in place. Recovery was still sluggish.

Officials reported that 90% of the systems had been restored by May 2020. It took ten months after the attack to reach full functionality.

According to Saunders, “some data was salvageable.” However, a large portion of the infrastructure needed to be completely rebuilt. It was laborious.

Tracing the Culprits

Years would pass before the identity of the culprit was truly clear.

The Russian-based ransomware group Conti Group collapsed in 2022, as is now widely known. During Russia’s invasion of Ukraine, pro-Ukrainian hackers revealed the details of Conti’s operations to the public through the group’s leaked internal communications.

One of the Russian hacker groups that carried out a number of cyberattacks, including the Redcar and Cleveland attack, was added to the sanctions list by the US and UK authorities in February 2023. In her testimony before Parliament that year, Lanigan disclosed that the council had spent £11.3 million on the recovery. Only £3.68 million was reimbursed by the government; the remaining amount was taken from the council’s already meager reserves.

One of the council’s representatives said that the council was covered by general insurance but did not have a policy for cyber-attacks. Before the attack, the council had implemented the right protection against cyber-attacks, and an independent reviewer had checked it and certified that everything was in place.

A Growing National Concern

The incident that took place in Redcar and Cleveland is not an isolated one. During 2024, 202 ransomware attacks hit the UK’s regional administration, according to the Information Commissioner’s Office.

The government says it is taking action by providing funds for councils to have better cyber protections.

Martin, however, is still very worried.

He cautioned, “The Redcar case demonstrated just how susceptible our public institutions can be.” What if ten councils were struck simultaneously? How about a hundred? It’s becoming a tangible threat, not just a fictional scenario anymore.