Ransomware, Threat Management, Threat Intelligence

Scattered Spider attacks cost UK retailers hundreds of millions

Shopping online. cardboard box with a shopping cart logo in a trolley on a laptop keyboard. Shopping service on The online web.

A wave of high-impact cyberattacks targeting major UK retailers in 2025, including Marks & Spencer, the Co-op, and Harrods, has served as a critical wake-up call for the sector, reports Infosecurity Magazine.

These incidents, attributed to the Scattered Spider group using DragonForce ransomware, inflicted severe financial damage, with M&S estimating losses of £300 million and the Co-op £206 million.

Attackers used sophisticated social engineering and compromised third-party credentials to infiltrate networks, conducting prolonged reconnaissance before deploying ransomware.

Parliamentary hearings and industry summits highlighted a key differentiator in resilience: the Co-op's more advanced migration from legacy systems to cloud infrastructure significantly limited its disruption compared to M&S, which had to rebuild systems over months.

Industry experts, including River Island's CISO Sunil Patel, emphasized that the attacks were not opportunistic but meticulously targeted at a sector with a vast attack surface and constrained IT budgets.

The aftermath spurred other retailers like Holland & Barrett and AllSaints to enhance crisis communications, double down on digital transformation, and invest in specialized "people security" teams to bolster employee awareness and third-party risk management.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds